From unknown Sun Jun 22 04:30:20 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#61216: Disabling unprivileged BPF by default in our kernels
Resent-From: Tobias Geerinckx-Rice <me@tobias.gr>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: help-debbugs@gnu.org
Resent-Date: Wed, 01 Feb 2023 19:46:02 +0000
Resent-Message-ID: <handler.61216.B.16752807251279@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 61216
X-GNU-PR-Package: debbugs.gnu.org
X-GNU-PR-Keywords: 
To: Ekaitz Zarraga <ekaitz@elenq.tech>
Cc: help-guix@gnu.org, Christian Gelinek <christian.gelinek@mailbox.org>
Received: via spool by submit@debbugs.gnu.org id=B.16752807251279
          (code B ref -1); Wed, 01 Feb 2023 19:46:02 +0000
Received: (at submit) by debbugs.gnu.org; 1 Feb 2023 19:45:25 +0000
Received: from localhost ([127.0.0.1]:59914 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1pNJ2r-0000KZ-15
	for submit@debbugs.gnu.org; Wed, 01 Feb 2023 14:45:25 -0500
Received: from lists.gnu.org ([209.51.188.17]:57856)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@tobias.gr>) id 1pNJ2o-0000KQ-MZ
 for submit@debbugs.gnu.org; Wed, 01 Feb 2023 14:45:23 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@tobias.gr>)
 id 1pNJ2o-0005IJ-5S; Wed, 01 Feb 2023 14:45:22 -0500
Received: from tobias.gr ([2a02:c205:2020:6054::1])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@tobias.gr>)
 id 1pNJ2l-0003iR-Vb; Wed, 01 Feb 2023 14:45:21 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=KjLfyxU9jmOub
 aSUr1FN9kQ9e/pObeZ6WaChlPsJnAE=;
 h=in-reply-to:date:subject:cc:to:
 from:references; d=tobias.gr; b=hWBEvwgrkcVycK/yyfurGqNq96NyDN1qgNqTT4
 UknjjAd16x3YfO0QlUeOuwZFXzuL9WKf6EUHml5DtK/PAOqCIWo3OIDNchiOfxESSKq1V2
 Zoz4xwVjHcNlV6PpuALlgKRFIVJn2DBwFBhVkHUOYbmpJmy3WaT+7p+KnPcPU5DExSj4pM
 /bweM66XLjK0tUxe+/4P6A0bX8a1QaYEdDnvdz/xzNpClngJIKxwb9t3Of7IsxnqA/Tng9
 KkTJWo3cJ8p9GO5mnWI2/bm1CsTLI/Z26Jffdvre+NRJ/9m/ufr9YQxMeDAljLNLB5zSCu
 sFKtdOwSo1ypLUWOO158oH9w==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 97b74978
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); 
 Wed, 1 Feb 2023 19:45:14 +0000 (UTC)
References: <e7000800-bd5d-8ba4-3f45-888572fd11d8@mailbox.org>
 <87fsbpnzil.fsf@nckx>
 <JtkGgqe5eiY4y2zwckKFjN8l1eqkn767MmrzEjujJY9qRXcD2kzGcM3W6dOEbmfPogRk1UK8xZ7ClOkIF530FUBppML-aRZ1bZZLfMq7g9Q=@elenq.tech>
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Wed, 01 Feb 2023 20:43:42 +0100
In-reply-to: <JtkGgqe5eiY4y2zwckKFjN8l1eqkn767MmrzEjujJY9qRXcD2kzGcM3W6dOEbmfPogRk1UK8xZ7ClOkIF530FUBppML-aRZ1bZZLfMq7g9Q=@elenq.tech>
BIMI-Selector: v=BIMI1; s=default;
Message-ID: <87bkmdnp69.fsf@nckx>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr;
 helo=tobias.gr
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.6 (-)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.6 (--)

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Ekaitz Zarraga =E5=86=99=E9=81=93=EF=BC=9A
> What does Debian's kconfig list for=20
> CONFIG_BPF_UNPRIV_DEFAULT_OFF?

I've always had this option set to Y in my own kernels, and it has=20
never so much as inconvenienced me.  However, I'm not a BPF power=20
user.

Does anyone know any serious and concrete drawbacks to setting=20
this option in all Guix kernels, to increase default security &=20
better align with other major distros?

Kind regards,

T G-R

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCY9rBzw0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15BeIBAKPpvY+lOPqMpDrvGUtvcq+PB4hCIJUiibDwSO5U
t8DNAQDulhBEeK8GfXYKhQOgN6d8+2nimmqsbFiXX5bHrUccBw==
=AqCV
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 25 19:09:24 2023
Received: (at control) by debbugs.gnu.org; 26 Feb 2023 00:09:24 +0000
Received: from localhost ([127.0.0.1]:41838 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1pW4bU-0003xu-0P
	for submit@debbugs.gnu.org; Sat, 25 Feb 2023 19:09:24 -0500
Received: from tobias.gr ([80.241.217.52]:36492)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@tobias.gr>) id 1pW4bR-0003xj-Q1
 for control@debbugs.gnu.org; Sat, 25 Feb 2023 19:09:22 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=nBGDpRhIpl+Ao
 jEShsWzA25jRymMHTM1PHE/EQhycJ4=; h=to:from:date; d=tobias.gr;
 b=breJcg
 ntF3qlU1Y07ruTL2E1ewobMP5jsDCg5qpsidCB5F59sP8iSzedqJot/mhfjOEkCxHAMrJt
 qXcoaoSJffeiYVkYxk6UjjRNyvjuTlWhFve22PNKjZ98TJNnz5/WutdcOSPM4q/jxGEebo
 u4eJU3XRH13Y9HdpUnPIfI3FWO9ptTs2oqtOGsyAZhI9zdiP4k4TIzurCqZRmPwiXpacwz
 j7IyVNs+y27uhyTh19KrH9eo3b+fZcyom48kh6LDPLOmTali4uFzTa8TJTBfmp4foc4ovc
 iCxtbgpd2Y+eyiBKTYZSphflFeyqIK8rStHQFlnd1l6eC2Jkez3A/8lQ==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTP id 7e5949d8
 for <control@debbugs.gnu.org>; Sun, 26 Feb 2023 00:09:17 +0000 (UTC)
MIME-Version: 1.0
Date: Sun, 26 Feb 2023 01:09:17 +0100
From: Tobias Geerinckx-Rice <me@tobias.gr>
To: control@debbugs.gnu.org
Message-ID: <b1fdaaa003c7468d6644c9f4d42402cd@tobias.gr>
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  reassign 61216 guix close 61216 
 Content analysis details:   (2.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 1.8 MISSING_SUBJECT        Missing Subject: header
 0.2 NO_SUBJECT             Extra score for no subject
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.0 (+)

reassign 61216 guix
close 61216