Bug#990411: systemd: set kernel.unprivileged_bpf_disabled = 1
Tomas Pospisek
tpo_deb at sourcepole.ch
Mon Jun 28 13:52:25 BST 2021
Package: systemd
Version: 247.3-5
Severity: wishlist
Tags: security
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
Hi,
TLDR:
$ sudo sysctl kernel.unprivileged_bpf_disabled
kernel.unprivileged_bpf_disabled = 0
please disable unprivileged BPF by default, it seems that it
is not safe to be allowed by default in the general case.
I'm not sure if systemd is the right package to file this
security/wishlist ticket against. I've chosen systemd because it
ships `/etc/sysctl.d/99-sysctl.conf`, which seems to me to be the
nearest fit to where `kernel.unprivileged_bpf_disabled` should
be set. Please reassign if there's a better package to attach
this report to.
After reading https://lwn.net/Articles/860597/ I'm under the
impression that allowing unprivileged BPF is too big of a
barn door to leave open at these times.
Currently
* I have no idea which packages that I install use or will use BPF
* I don't know how I could even find out
* even if I knew that a given program *does* use BPF, I estimate
that it would require a non-trivial effort from me to analyze how
security critical that fact is in my context
* considering myself quite a seasoned sysadmin, I very much doubt
that the general Debian consumer is even remotely capable of
correctly assessing the preceding points
Therefore I'd suggest seriously considering disabling the
unprivileged BPF gun *by default* on freshly installed Debian
systems.
Thanks a lot for taking care of Debian!
*t
-- Package-specific info:
-- System Information:
Debian Release: 11.0
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-7-amd64 (SMP w/8 CPU threads)
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), LANGUAGE=de_CH:de
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd depends on:
ii adduser 3.118
ii libacl1 2.2.53-10
ii libapparmor1 2.13.6-10
ii libaudit1 1:3.0-2
ii libblkid1 2.36.1-7
ii libc6 2.31-12
ii libcap2 1:2.44-1
ii libcrypt1 1:4.4.18-4
ii libcryptsetup12 2:2.3.5-1
ii libgcrypt20 1.8.7-3
ii libgnutls30 3.7.1-3
ii libgpg-error0 1.38-2
ii libip4tc2 1.8.7-1
ii libkmod2 28-1
ii liblz4-1 1.9.3-2
ii liblzma5 5.2.5-2
ii libmount1 2.36.1-7
ii libpam0g 1.4.0-7
ii libseccomp2 2.5.1-1
ii libselinux1 3.1-3
ii libsystemd0 247.3-5
ii libzstd1 1.4.8+dfsg-2.1
ii mount 2.36.1-7
ii systemd-timesyncd [time-daemon] 247.3-5
ii util-linux 2.36.1-7
Versions of packages systemd recommends:
ii dbus 1.12.20-2
Versions of packages systemd suggests:
ii policykit-1 0.105-31
pn systemd-container <none>
Versions of packages systemd is related to:
pn dracut <none>
ii initramfs-tools 0.140
ii libnss-systemd 247.3-5
ii libpam-systemd 247.3-5
ii udev 247.3-5
-- no debconf information
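The report asks for `kernel.unprivileged_bpf_disabled` to be set to 1 but does not show how to check it or make it persist. The script below is an added example, not part of the bug report or of the systemd package: it reads the live value, explains what each value means, says whether hardening is still needed, and prints the sysctl.d drop-in that would make the setting survive a reboot. The drop-in file name `10-unprivileged-bpf.conf` is a hypothetical choice of mine; the `--apply` flag is likewise my own. Value 1 is the one the report requests, and once written it cannot be cleared again until the next reboot; the note that newer kernels than the 5.10 in the report also accept 2 (disabled, but reversible by root) is outside the page and stated as an assumption.

```shell
#!/bin/sh
# Added example (not from Debian bug #990411 or from systemd): inspect and
# persist kernel.unprivileged_bpf_disabled.
# Assumptions not in the report: the drop-in name below and the --apply flag
# are hypothetical; the "2" value exists only on kernels newer than 5.10.

SYSCTL_KEY=kernel.unprivileged_bpf_disabled
PROC_PATH=/proc/sys/kernel/unprivileged_bpf_disabled
DROPIN=/etc/sysctl.d/10-unprivileged-bpf.conf   # hypothetical file name

# Translate a raw sysctl value into a verdict.
#   0: unprivileged processes may call bpf()
#   1: disabled, and the kernel refuses to set it back to 0 until reboot
#   2: disabled, but root may write 0 again (assumed: newer kernels only)
describe_bpf_setting() {
    case "$1" in
        0) echo "unrestricted: unprivileged processes may call bpf()" ;;
        1) echo "disabled: locked until reboot" ;;
        2) echo "disabled: root may re-enable by writing 0" ;;
        *) echo "unknown value '$1'"; return 2 ;;
    esac
}

# Exit 0 when unprivileged BPF is still reachable (value 0), 1 otherwise.
needs_hardening() {
    [ "$1" = "0" ]
}

# Read the value from /proc, or from a file given as $1 (used for testing);
# strips the trailing newline the kernel appends. Empty output means the
# knob is not available (no such file, or not Linux).
read_bpf_setting() {
    cat "${1:-$PROC_PATH}" 2>/dev/null | tr -d '[:space:]'
}

# Render the sysctl.d drop-in that persists the setting across reboots.
render_dropin() {
    printf '# Disable the bpf() syscall for unprivileged users (Debian bug #990411)\n%s = %s\n' \
        "$SYSCTL_KEY" "${1:-1}"
}

main() {
    current=$(read_bpf_setting)
    [ -n "$current" ] || current="unknown"
    echo "$SYSCTL_KEY = $current ($(describe_bpf_setting "$current"))"
    if needs_hardening "$current"; then
        echo "Unprivileged BPF is enabled. Proposed drop-in $DROPIN:"
        render_dropin 1
        if [ "${1:-}" = "--apply" ]; then
            # Both steps need root: the drop-in for future boots, sysctl -w for now.
            render_dropin 1 > "$DROPIN"
            sysctl -w "$SYSCTL_KEY=1"
        fi
    fi
}

main "$@"
```

Run without arguments it only reports; `--apply` (as root) writes the drop-in and sets the value immediately, which is a one-way change on the reporter's 5.10 kernel. Reading through `/proc/sys` rather than `sysctl` keeps the check independent of the procps package, and `sysctl --system` on a later boot will pick the drop-in up in the same way as `99-sysctl.conf`.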