[04/21] linux: Disable syscalls that allows processes to r/w other processes' memory
| Message ID | f027be36-cf88-cad0-8571-e3d7bbf57e11@ipfire.org |
|---|---|
| State | Accepted |
| Commit | 00efe232b7118f834e3b38119f6b624bae18de9c |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4NgnnS1NW0z3wcv for <patchwork@web04.haj.ipfire.org>; Mon, 26 Dec 2022 19:25:48 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4NgnnR2sF2zjk; Mon, 26 Dec 2022 19:25:47 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4NgnnR2s1kz2y4g; Mon, 26 Dec 2022 19:25:47 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4NgnnQ257Cz2xmd for <development@lists.ipfire.org>; Mon, 26 Dec 2022 19:25:46 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4NgnnN0yjpzR4 for <development@lists.ipfire.org>; Mon, 26 Dec 2022 19:25:43 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1672082746; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZDAfR9xGR24PYqjFaM7g3k7nCGdp/+ZYb9YRAUzJwBw=; b=mqXPN/CQrakMXpu/8iIUiXK/18idAnQRzFWie8mmOM1ybtL4cXk7PNQnyNPxnkCX6yKsr4 NdNsFwtr/fOomTBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1672082746; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZDAfR9xGR24PYqjFaM7g3k7nCGdp/+ZYb9YRAUzJwBw=; b=ji3XmNlwYtPhuPSWRN4EOnudl1t8yD+UF/YedNdEA6S7ROnTSK9SB/a+EWFQt4m0Ho+zHx ooDMJjyVIcoZPGqWhPW32SZaP6tWHd+SVbCdKXSnwOlzDHdn/MJH+NFfXYg2FDhdT/wsoj ir5mQHitljqx9pN6zElPzQaa4Mk9yQ9SNyALrVd75YX1nGeM65Nen8CFzvdPNdDd2qs0dS GuHCz8Zl/NcweWthyFodgKNf9pmv9CBU72y7TAxLb+HbMIvC6wK/OYU2BNSAFPLIJht5fl 8Zxsqoj+Ei3JhHXLTpanX9g+5iGDf6GV7Kdg02lBX3Ra/5vhAaGxhrH849kGGQ== Message-ID: <f027be36-cf88-cad0-8571-e3d7bbf57e11@ipfire.org> Date: Mon, 26 Dec 2022 19:25:39 +0000 MIME-Version: 1.0 Subject: [PATCH 04/21] linux: Disable syscalls that allows processes to r/w other processes' memory Content-Language: en-US To: development@lists.ipfire.org References: <0e60a1de-6210-835e-54a4-ec5e3128e42e@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org> In-Reply-To: <0e60a1de-6210-835e-54a4-ec5e3128e42e@ipfire.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
linux: Update to 5.15.85 and backport many IPFire 3.x changes
|
|
Commit Message
Peter Müller
Dec. 26, 2022, 7:25 p.m. UTC
Backported from IPFire 3.x as 48931178ff83911c5bbc86194dea694845ae1608.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
config/kernel/kernel.config.x86_64-ipfire | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Acked-by: Michael Tremer <michael.tremer@ipfire.org> > On 26 Dec 2022, at 20:25, Peter Müller <peter.mueller@ipfire.org> wrote: > > Backported from IPFire 3.x as 48931178ff83911c5bbc86194dea694845ae1608. > > Signed-off-by: Peter Müller <peter.mueller@ipfire.org> > --- > config/kernel/kernel.config.x86_64-ipfire | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire > index c9d8dc56b..663dd444b 100644 > --- a/config/kernel/kernel.config.x86_64-ipfire > +++ b/config/kernel/kernel.config.x86_64-ipfire > @@ -53,7 +53,7 @@ CONFIG_SYSVIPC_SYSCTL=y > CONFIG_POSIX_MQUEUE=y > CONFIG_POSIX_MQUEUE_SYSCTL=y > # CONFIG_WATCH_QUEUE is not set > -CONFIG_CROSS_MEMORY_ATTACH=y > +# CONFIG_CROSS_MEMORY_ATTACH is not set > # CONFIG_USELIB is not set > # CONFIG_AUDIT is not set > CONFIG_HAVE_ARCH_AUDITSYSCALL=y > -- > 2.35.3
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index c9d8dc56b..663dd444b 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -53,7 +53,7 @@ CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y CONFIG_POSIX_MQUEUE_SYSCTL=y # CONFIG_WATCH_QUEUE is not set -CONFIG_CROSS_MEMORY_ATTACH=y +# CONFIG_CROSS_MEMORY_ATTACH is not set # CONFIG_USELIB is not set # CONFIG_AUDIT is not set CONFIG_HAVE_ARCH_AUDITSYSCALL=y