12384 – sysctl net.core.bpf_jit_harden is currently set to 0

Bug 12384 - sysctl net.core.bpf_jit_harden is currently set to 0

Summary: sysctl net.core.bpf_jit_harden is currently set to 0

Status:	CLOSED FIXED

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	all All

Importance:	- Unknown - Security
Assignee:	Peter Müller
QA Contact:

URL:
Keywords:

Depends on:
Blocks:	KERNSEC
	Show dependency tree / graph

Reported:	2020-04-15 19:24 UTC by Peter Müller
Modified:	2021-05-14 16:58 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Peter Müller 2020-04-15 19:24:19 UTC

https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings recommends "2" instead:

> # Turn on BPF JIT hardening, if the JIT is enabled.
> net.core.bpf_jit_harden = 2

Comment 1 Peter Müller 2020-06-07 17:03:11 UTC

https://patchwork.ipfire.org/patch/3164/

Comment 2 Peter Müller 2021-04-09 19:15:38 UTC

https://patchwork.ipfire.org/patch/4137/

Comment 3 Peter MÃ¼ller 2021-04-10 14:35:20 UTC

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=45022af1b80270039d649cde6071fe30344ae443

Comment 4 Peter MÃ¼ller 2021-04-20 21:05:44 UTC

https://blog.ipfire.org/post/ipfire-2-25-core-update-156-available-for-testing

Comment 5 Peter MÃ¼ller 2021-05-14 16:58:43 UTC

https://blog.ipfire.org/post/ipfire-2-25-core-update-156-released