[09:25] <nov585> ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ DO YOU WANT TO KEEP YOUR MAN SATISFIED DURING THE CHRISTMAS BREAK?? EL IS GIVING ANAL SEX TIPS IN ##FEMINISM RIGHT NOW DONT MISS IT oldwjqz: Orphis vtapia kissiel sladen Laney ogra_ jbicha dupondje JackFrost schmidtm retoaded Elimin8er hggdh fginther gavinlin apw marlinc Calvin` Spads debfx
[09:25] <nov585> ▄▄▄▄▄▄▄▄▄▄▄▄▄ DO YOU WANT TO KEEP YOUR MAN SATISFIED DURING THE CHRISTMAS BREAK?? EL IS GIVING ANAL SEX TIPS IN ##FEMINISM RIGHT NOW DONT MISS IT apsmk: Elimin8er grumble soee_ m_tadeu bluesabre ogra_ gavinlin hggdh pdeee smb milli jjohansen Foxtrot jugo rbasak schmidtm jbicha tacocat eoli3n fginther rbalint balkamos phunysanta mdeslaur JackFrost sary Laif alexlis
[09:25] <nov585> ▄▄▄▄▄▄▄▄▄▄ DO YOU WANT TO KEEP YOUR MAN SATISFIED DURING THE CHRISTMAS BREAK?? EL IS GIVING ANAL SEX TIPS IN ##FEMINISM RIGHT NOW DONT MISS IT ffvex: d1b Laney gavinlin marlinc hloeung hggdh mdeslaur eoli3n schmidtm apw dupondje wgrant rbasak tacocat mhall119 pdeee mario bluesabre caribou m_tadeu mneptok ejat juergh_ ikepanhc soee_ grumble Elimin8er Spads sconklin fginther blahdeblah jugo o
[09:25] <nov585> ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ DO YOU WANT TO KEEP YOUR MAN SATISFIED DURING THE CHRISTMAS BREAK?? EL IS GIVING ANAL SEX TIPS IN ##FEMINISM RIGHT NOW DONT MISS IT zpkktgbf: zhongjun phunysanta dupondje Spads sladen rbasak jjohansen Calvin` gavinlin tacocat m_tadeu schmidtm rbalint soee_ apw kissiel jbicha Elimin8er milli giraffe ma
[09:26] <nov585> ▄▄▄▄▄▄▄▄▄▄▄▄ DO YOU WANT TO KEEP YOUR MAN SATISFIED DURING THE CHRISTMAS BREAK?? EL IS GIVING ANAL SEX TIPS IN ##FEMINISM RIGHT NOW DONT MISS IT arqjjgvj: jbicha sconklin phunysanta kissiel alexlist gavinlin m_tadeu sladen giraffe ikepanhc ltrager Spads ejat jjohansen pdeee juergh_ soee_ balkamos sary grumble wgrant ret2libc mdeslaur bluesabre caribou milli zhongjun Elimin
[09:26] <nov585> ▄▄▄▄▄▄▄▄▄▄▄▄ DO YOU WANT TO KEEP YOUR MAN SATISFIED DURING THE CHRISTMAS BREAK?? EL IS GIVING ANAL SEX TIPS IN ##FEMINISM RIGHT NOW DONT MISS IT gbdqbrpos: marlinc ret2libc ogra_ schmidtm bluesabre ikepanhc hggdh Pwnna jugo sladen ejat blahdeblah mario tacocat debfx fginther milli giraffe gavinlin zhongjun sary mneptok mdeslaur JackFrost vtapia juergh_ Foxtrot retoaded eol
[09:26] <nov585> ▄▄▄▄▄▄▄▄▄▄▄▄▄ DO YOU WANT TO KEEP YOUR MAN SATISFIED DURING THE CHRISTMAS BREAK?? EL IS GIVING ANAL SEX TIPS IN ##FEMINISM RIGHT NOW DONT MISS IT lhcucvnayr: fginther giraffe wgrant milli jjohansen hggdh dupondje mdeslaur marlinc rbasak Pwnna sary Orphis hloeung soee_ ikepanhc grumble Laney udevbot JackFrost jbicha alexlist mhall119 Elimin8er eoli3n Calvin` vtapia
[09:26] <nov585> ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ DO YOU WANT TO KEEP YOUR MAN SATISFIED DURING THE CHRISTMAS BREAK?? EL IS GIVING ANAL SEX TIPS IN ##FEMINISM RIGHT NOW DONT MISS IT xvdzicet: retoaded bluesabre sary mneptok Laif jjohansen caribou vtapia marlinc wgrant Foxtrot ogra_ JackFrost milli mhall119 dupondje Pwnna alexlist Spads Laney smb debfx tacocat fginther C
[09:26] <nov585> ▄▄▄▄▄▄▄▄▄▄▄ DO YOU WANT TO KEEP YOUR MAN SATISFIED DURING THE CHRISTMAS BREAK?? EL IS GIVING ANAL SEX TIPS IN ##FEMINISM RIGHT NOW DONT MISS IT amqrncjdjd: mhall119 Laney smb ejat JackFrost phunysanta sladen marlinc m_tadeu ltrager bluesabre sconklin eoli3n jjohansen jbicha alexlist blahdeblah giraffe kissiel dupondje apw wgrant ikepanhc schmidtm Calvin` zhongjun gavinlin mdeslaur
=== phunysanta is now known as phunyguy
[23:25] <jjohansen> stgraber: just so you are aware for the holidays we are setting kernel.unprivileged_bpf_disabled systctl) to disabled as a mitigation to deal with http://www.openwall.com/lists/oss-security/2017/12/24/1
[23:25] <jjohansen> this will prevent unprivileged user namespace containers from loading ebpf
[23:26] <jjohansen> lool: ^
[23:26] <stgraber> does that affect seccomp? IIRC it's not actually using the ebpf parser
[23:26] <stgraber> if not, I don't think anyone will notice
[23:26] <jjohansen> stgraber: it blocks ebpf loads at the syscall
[23:26] <stgraber> ok, so not a problem then, seccomp definitely doesn't use the ebpf syscalls
[23:26] <jjohansen> so I would assume so, but I haven't checked
[23:26] <lool> stgraber: would iptables from inside a container be affected?
[23:27] <stgraber> lool: maybe, though not stock iptables, only fancy xtables + bpf I'd think
[23:28] <lool> maybe tc
[23:28] <stgraber> some of those may use ebpf behind the scenes but since jjohansen says this only restricts access to the syscall itself, none of those should be affected
[23:28] <stgraber> it should only really affect things like xpf that directly rely on a loaded piece of ebpf code
[23:29] <stgraber> and I'm not sure how much of that is accessible from an unprivileged user today
[23:31] <jjohansen> stgraber: well, the syscall check is !capable() or the sysctl() so its accessible, but I am not really aware of users
[23:31] <lool> what's the list of syscalls? just bpf()?
[23:31] <lool> https://codesearch.debian.net/search?q=bpf%5C%28
[23:32] <jjohansen> an unprivileged container, where the OS thinks its privileged is the most likely place this will trip since its not ns_capable but checking capable in the init ns
[23:32] <lool> shows these source packages with calls in Debian: ecasound kfreebsd-10 bpfcc golang-github-seccomp-libseccomp-golang linux-grsec ncl libtrace3 trinity isc-kea pyroute2 nfstrace wireguard python-pypcap netsniff-ng p0f systemtap pan golang-github-vishvananda-netlink guitarix iproute2 gnomad2 llvm-toolchain-3.7 moc gnuradio pcaputils snapd tcpflow tcpdump gtkpod libseccomp tcpreplay mplayer arp-scan dnsmasq gstreamermm-1.0 linux libpcap aegisub chuck p
[23:32] <jjohansen> lool: yeah, ebp just has the 1 syscall
[23:32] <lool> systemd might be worth a check, seems to make copious use
[23:33] <jjohansen> yeah it might trip in an unprivileged container
[23:33] <lool> I guess the other ones fall into advanced use cases and documentation to disable the default secure behavior might be enough
[23:33] <jjohansen> it won't affect the host since it will have init ns capability
[23:35] <lool> I've changed the RE to bpf\s*\( and it shows qemu as well
[23:35] <lool> and isc-dhcp
[23:36] <lool> qemu is just user mode
[23:36] <lool> should probably query Ubuntu sources though  :-)
[23:36] <lool> Is there an Ubuntu code search by any chance?
[23:54] <tsimonq2> lool: packages.ubuntu.com :)
[23:55] <lool> tsimonq2: oh didn't know it could do codesearch
[23:56] <lool> tsimonq2: hmm where is this specifically?
[23:56] <dax> it can't, as far as i know
[23:56] <tsimonq2> lool: Well, not codesearch in the sense of Debian's codesearch, but you can search filenames :/
[23:56]  * tsimonq2 was a little mistaken there, sorrt
[23:56] <tsimonq2> s/sorrt/sorry/
[23:56] <lool> ah yeah; nah I was looking for codesearch equivalent but against Ubuntu sources; apparently someone ran this in the past
[23:57] <lool> (there's a mention of http://ubuntu-codesearch.surgut.co.uk on ask.u.c)
[23:57] <lool> anyway, time for bed
[23:57]  * lool &
[23:58] <Faux> Note Debian codesearch misses a load of things due to terrible source packages; e.g. openjdk just being a big gzip. (fixed in new openjdk)