nixos/nixpkgs.git - Nix Packages collection

diff options

author	Martin Weinelt <hexa@darmstadt.ccc.de>	2022-01-14 10:27:28 +0100
committer	Martin Weinelt <hexa@darmstadt.ccc.de>	2022-01-15 23:44:19 +0100
commit	3ee206291a20b2d18e651c77bf161ef42108901f (patch)
tree	9c3f242518f23d295a1a1e75dee82d86d7c0573f /pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch
parent	d4cc90aea59dfc7738532cd10266f607e3f76e05 (diff)

linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15

Disable unprivileged access to BPF syscalls to prevent denial of service and privilege escalation via a) potential speculative execution side-channel-attacks on unmitigated hardware[0] or b) unvalidated memory access in ringbuffer helper functions[1]. Fixes: CVE-2021-4204, CVE-2022-23222 [0] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf [1] https://www.openwall.com/lists/oss-security/2022/01/13/1

Diffstat (limited to 'pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: