JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3ee206291a
nixpkgs/nixos
History
Martin Weinelt 3ee206291a
linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15 
Disable unprivileged access to BPF syscalls to prevent denial of service
and privilege escalation via

a) potential speculative execution side-channel-attacks on unmitigated
hardware[0]

or

b) unvalidated memory access in ringbuffer helper functions[1].

Fixes: CVE-2021-4204, CVE-2022-23222

[0] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf
[1] https://www.openwall.com/lists/oss-security/2022/01/13/1
2022-01-15 23:44:19 +01:00
..
doc linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15 2022-01-15 23:44:19 +01:00
lib lib/qemu-common: Add serial device name for RISC-V 2022-01-09 15:29:52 -08:00
maintainers create-amis.sh: possible deprecation 2021-11-11 09:04:29 -07:00
modules Merge pull request #154550 from veehaitch/sgx-compat-udev 2022-01-13 14:55:08 +00:00
tests nixos/starship: use expect for testing 2022-01-13 07:56:52 +00:00
COPYING
default.nix
README
release-combined.nix release-combined.tested: Add the Sway test 2021-05-27 13:36:48 +02:00
release-small.nix
release.nix lxdImage: split from docker profile, use generators.toYAML 2021-11-03 07:49:54 +01:00

README 

*** NixOS ***

NixOS is a Linux distribution based on the purely functional package
management system Nix.  More information can be found at
https://nixos.org/nixos and in the manual in doc/manual.