Bug 12384

Summary: sysctl net.core.bpf_jit_harden is currently set to 0
Product: IPFire Reporter: Peter Müller <peter.mueller>
Component: ---Assignee: Peter Müller <peter.mueller>
Status: CLOSED FIXED QA Contact:
Severity: Security    
Priority: - Unknown - CC: peter.mueller
Version: 2   
Hardware: all   
OS: All   
Bug Depends on:    
Bug Blocks: 12361    

Description Peter Müller 2020-04-15 19:24:19 UTC
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings recommends "2" instead:

> # Turn on BPF JIT hardening, if the JIT is enabled.
> net.core.bpf_jit_harden = 2
Comment 1 Peter Müller 2020-06-07 17:03:11 UTC
https://patchwork.ipfire.org/patch/3164/
Comment 2 Peter Müller 2021-04-09 19:15:38 UTC
https://patchwork.ipfire.org/patch/4137/