Comment 0 for bug 2035116
Revision history for this message
| Thadeu Lima de Souza Cascardo (cascardo) wrote | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
[Impact]
io_uring has been an important attack vector in the recent years in local privilege escalation attacks. Allowing admins that don't use io_uring to disable it in their systems allows them to reduce their attack surface.
[Test case]
sysctl -w kernel.
then try to use io_uring from an unprivileged user, then try it with privileges (CAP_SYS_ADMIN)
[Potential regression]
Uses can be denied from using io_uring.