Nick | Message | Time |
---|---|---|
=== phunysanta is now known as phunyguy | ||
jjohansen | stgraber: just so you are aware for the holidays we are setting kernel.unprivileged_bpf_disabled (sysctl) to disabled as a mitigation to deal with http://www.openwall.com/lists/oss-security/2017/12/24/1 | 23:25 |
jjohansen | this will prevent unprivileged user namespace containers from loading ebpf | 23:25 |
jjohansen | lool: ^ | 23:26 |
stgraber | does that affect seccomp? IIRC it's not actually using the ebpf parser | 23:26 |
stgraber | if not, I don't think anyone will notice | 23:26 |
jjohansen | stgraber: it blocks ebpf loads at the syscall | 23:26 |
stgraber | ok, so not a problem then, seccomp definitely doesn't use the ebpf syscalls | 23:26 |
jjohansen | so I would assume so, but I haven't checked | 23:26 |
lool | stgraber: would iptables from inside a container be affected? | 23:26 |
stgraber | lool: maybe, though not stock iptables, only fancy xtables + bpf I'd think | 23:27 |
lool | maybe tc | 23:28 |
stgraber | some of those may use ebpf behind the scenes but since jjohansen says this only restricts access to the syscall itself, none of those should be affected | 23:28 |
stgraber | it should only really affect things like xpf that directly rely on a loaded piece of ebpf code | 23:28 |
stgraber | and I'm not sure how much of that is accessible from an unprivileged user today | 23:29 |
jjohansen | stgraber: well, the syscall check is !capable() or the sysctl() so it's accessible, but I am not really aware of users | 23:31 |
lool | what's the list of syscalls? just bpf()? | 23:31 |
lool | https://codesearch.debian.net/search?q=bpf%5C%28 | 23:31 |
jjohansen | an unprivileged container, where the OS thinks it's privileged is the most likely place this will trip since it's not ns_capable but checking capable in the init ns | 23:32 |
lool | shows these source packages with calls in Debian: ecasound kfreebsd-10 bpfcc golang-github-seccomp-libseccomp-golang linux-grsec ncl libtrace3 trinity isc-kea pyroute2 nfstrace wireguard python-pypcap netsniff-ng p0f systemtap pan golang-github-vishvananda-netlink guitarix iproute2 gnomad2 llvm-toolchain-3.7 moc gnuradio pcaputils snapd tcpflow tcpdump gtkpod libseccomp tcpreplay mplayer arp-scan dnsmasq gstreamermm-1.0 linux libpcap aegisub chuck p | 23:32 |
jjohansen | lool: yeah, ebpf just has the 1 syscall | 23:32 |
lool | systemd might be worth a check, seems to make copious use | 23:32 |
jjohansen | yeah it might trip in an unprivileged container | 23:33 |
lool | I guess the other ones fall into advanced use cases and documentation to disable the default secure behavior might be enough | 23:33 |
jjohansen | it won't affect the host since it will have init ns capability | 23:33 |
lool | I've changed the RE to bpf\s*\( and it shows qemu as well | 23:35 |
lool | and isc-dhcp | 23:35 |
lool | qemu is just user mode | 23:36 |
lool | should probably query Ubuntu sources though :-) | 23:36 |
lool | Is there an Ubuntu code search by any chance? | 23:36 |
tsimonq2 | lool: packages.ubuntu.com :) | 23:54 |
lool | tsimonq2: oh didn't know it could do codesearch | 23:55 |
lool | tsimonq2: hmm where is this specifically? | 23:56 |
dax | it can't, as far as i know | 23:56 |
tsimonq2 | lool: Well, not codesearch in the sense of Debian's codesearch, but you can search filenames :/ | 23:56 |
* tsimonq2 was a little mistaken there, sorrt | 23:56 | |
tsimonq2 | s/sorrt/sorry/ | 23:56 |
lool | ah yeah; nah I was looking for codesearch equivalent but against Ubuntu sources; apparently someone ran this in the past | 23:56 |
lool | (there's a mention of http://ubuntu-codesearch.surgut.co.uk on ask.u.c) | 23:57 |
lool | anyway, time for bed | 23:57 |
* lool & | 23:57 | |
Faux | Note Debian codesearch misses a load of things due to terrible source packages; e.g. openjdk just being a big gzip. (fixed in new openjdk) | 23:58 |