Yes, there are solutions to this that don't expose the whole kernel to
root.
* This project's kernel module could use DKMS. This could make use of the MOK
workflow already present in Ubuntu.
* This project's kernel module could be included in the upstream kernel.
The last option would be more
I believe this fix causes a regression with NoteBook Fan Control (NBFC) as
lifting the kernel lockdown was used as a workaround to enable NBFC to control
fan speed.
See https://github.com/hirschmann/nbfc/issues/414#issuecomment-354274657 and
https://github.com/hirschmann/nbfc/issues/472
Would
This bug was fixed in the package linux - 5.3.0-24.26
---
linux (5.3.0-24.26) eoan; urgency=medium
* eoan/linux: 5.3.0-24.26 -proposed tracker (LP: #1852232)
* Eoan update: 5.3.9 upstream stable release (LP: #1851550)
- io_uring: fix up O_NONBLOCK handling for sockets
-
So, um, is there a simple way to get this fix into the other affected
distributions or do I have to open an issue in each one?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1851380
Title:
root can
This bug was fixed in the package linux - 4.15.0-72.81
---
linux (4.15.0-72.81) bionic; urgency=medium
* bionic/linux: 4.15.0-72.81 -proposed tracker (LP: #1854027)
* [Regression] Bionic kernel 4.15.0-71.80 can not boot on ThunderX
(LP: #1853326)
- Revert "arm64: Use
This bug was fixed in the package linux - 5.3.0-24.26
---
linux (5.3.0-24.26) eoan; urgency=medium
* eoan/linux: 5.3.0-24.26 -proposed tracker (LP: #1852232)
* Eoan update: 5.3.9 upstream stable release (LP: #1851550)
- io_uring: fix up O_NONBLOCK handling for sockets
-
This bug was fixed in the package linux - 5.0.0-37.40
---
linux (5.0.0-37.40) disco; urgency=medium
* disco/linux: 5.0.0-37.40 -proposed tracker (LP: #1852253)
* System hangs at early boot (LP: #1851216)
- x86/timer: Skip PIT initialization on modern chipsets
* drm/i915:
I can confirm that this bug is fixed in bionic:
# echo "x" > /proc/sysrq-trigger
Nov 14 20:38:58 panzersperre kernel: sysrq: SysRq :
Nov 14 20:38:58 panzersperre kernel: This sysrq operation is disabled from
userspace.
I don't have a disco or eoan to test.
** Tags removed:
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
disco' to 'verification-done-disco'. If the problem still exists, change
the tag
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
bionic' to 'verification-done-bionic'. If the problem still exists,
change the tag
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
eoan' to 'verification-done-eoan'. If the problem still exists, change
the tag
** Changed in: linux (Ubuntu Bionic)
Status: Triaged => Fix Committed
** Changed in: linux (Ubuntu Disco)
Status: Triaged => Fix Committed
** Changed in: linux (Ubuntu Eoan)
Status: Triaged => Fix Committed
--
You received this bug notification because you are a member of
I'm no expert in either kernel or C programming and I didn't test this
patch, but it looks good to me.
Also, the resulting code is quite similar to the one Fedora is currently using
- they accidentally fixed this bug in
** Description changed:
+ SRU Justification
+
+ Impact: The kernel lockdown support adds a sysrq to allow a physically
+ present user to disable lockdown from the keyboard. A bug in the
+ implementation makes it possible to also lift lockdown by writing to
+ /proc/sysrq-trigger.
+
+ Fix:
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1851380
Title:
root can lift kernel lockdown
To manage notifications about this bug go to:
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1851380
Title:
root can lift kernel lockdown
To manage notifications about this
16 matches
Mail list logo