| === mhcerri8 is now known as mhcerri | ||
| JianLei | Hello all. Where can i find the difference between ubuntu kernel and upstream kernel? | 06:26 |
|---|---|---|
| chiluk_ | @jianlei gitweb for Ubuntu kernels is https://kernel.ubuntu.com/git/?q=ubuntu | 18:39 |
| chiluk_ | iirc you are going to want the ubuntu/ubuntu-<release>.git trees | 18:40 |
| === chiluk_ is now known as chiluk | ||
| tomreyn | i just read https://www.vusec.net/projects/bhi-spectre-bhb/ and checked for the value of /proc/sys/kernel/unprivileged_bpf_disabled on 18.04 and 20.04 and what may be 22.04, only the latter has it on 2, the others have it at 0. are these plans to change it for the older LTS? | 18:48 |
| tomreyn | This is CVE-2022-0001 and CVE-2022-0002. For reference, https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#unprivileged-bpf-disabled - I'm aware mitigation by sysctl is possible. | 18:58 |
| ubottu | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0001> | 18:58 |
| ubottu | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0002> | 18:58 |
| tomreyn | hmm sorry about the spam | 18:58 |
| tomreyn | ok, i just noticed it's actually set to 2 on latest 20.04 as well, and probably 18.04 as well. | 18:59 |
| tomreyn | TL;DR: please ignore the above. | 19:00 |
| sbeattie | tomreyn: 18.04 did not have 2 as default, kernels are going out now to have that be the default going back to 4.4 kernels. | 19:08 |
| sbeattie | tomreyn: also https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI has information | 19:08 |
| tomreyn | sbeattie: nice, thank you. | 19:09 |
| chiluk | anyone else killing some time checking out the new CVE hotness going around news-cycle https://dirtypipe.cm4all.com/ ? | 20:41 |
| sarnold | hey chiluk :) | 20:43 |
| chiluk | hey sarnold long time... | 20:43 |
| sarnold | chiluk: aye, it's hard to understand just how fast time goes.. | 20:43 |
| chiluk | seriously it's been like 4 years now... I finally stood up IRC again just a few months ago. | 20:43 |
| chiluk | crap nm ... almost 5 come April. | 20:44 |
| sarnold | *wow* | 20:44 |
| sarnold | the last two years have been seriously weird but I think I would have guessed about two, heh | 20:44 |
| chiluk | sarnold anyhow, are you folks planning a accelerated kernel spin for this or just a livepatch? | 20:45 |
| chiluk | sarnold... looks like we might be slowly migrating to Ubuntu .. so you might be dropping in more often. | 20:46 |
| chiluk | s/you/i/ | 20:46 |
| sarnold | chiluk: oh sweet! :) this one's going through the grinder now, https://lists.ubuntu.com/archives/focal-changes/2022-March/date.html -- usns might be a little bit further away, but it's all in motion | 20:48 |
| chiluk | sarnold if I hadn't told you Congrats on the promotion. | 20:51 |
| chiluk | sarnold what is usns? | 20:52 |
| sarnold | chiluk: heh, maybe someone else? I haven't gone up for a promotion since we introduced an engineering progression track | 20:52 |
| chiluk | I thought you managed the kernel team now. | 20:53 |
| sarnold | chiluk: sorry, just lazy; USNs :) www.ubuntu.com/usn/ | 20:53 |
| sarnold | ah, thankfully no :) still Just A Guy on the security team | 20:53 |
| chiluk | well congrats on not joining the dark side. | 20:53 |
| sarnold | :D | 20:54 |
| chiluk | when was the last time you heard of a darker side than the security team... ;) | 20:54 |
| sarnold | every time The Spreadsheet is mentioned I get goosebumps.. | 20:55 |
| chiluk | I'm thankful I don't even know what that is. | 20:55 |
| chiluk | or at least I've long forgotten. | 20:56 |
| sarnold | sounds good man, sounds good :) | 20:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!