Bugzilla – Bug 1219222
Disable CONFIG_USELIB
Last modified: 2024-06-25 18:07:25 UTC
The uselib(2) system call is generally deprecated and was last needed with libc5. Recently there were also issues with this syscall and path-based LSMs [1], so from a security POV it makes sense to disable CONFIG_USELIB if we don't need it.
[1] https://lore.kernel.org/all/20240124192228.work.788-kees@kernel.org
Adding security team to CC because disabling CONFIG_USELIB is mostly security motivated. Takashi also had an idea we might want to still disable this for SLE15-SP6 / ALP as well.
I would say do it. Security welcomes reduction of attack surface :)
OK, I pushed the changes to SLE15-SP6 / ALP-current. Shall I send a PR for stable/master branches?
I pushed the updates for master and stable branches, too.
(In reply to Takashi Iwai from comment #5)
> I pushed the updates for master and stable branches, too.
Definitely appreciated! Merged.
The changes have been merged to master and stable branches. I don't think we want to change the config of already released products? Then the only remaining branch would be slowroll. Robert, please update the config.
(In reply to Takashi Iwai from comment #7)
> Then the only remaining branch would be slowroll. Robert, please update the
> config.
Ack, thanks for keeping me in the loop.
(In reply to Robert Frohl from comment #8)
> (In reply to Takashi Iwai from comment #7)
> > Then the only remaining branch would be slowroll. Robert, please update the
> > config.
>
> Ack, thanks for keeping me in the loop.
Should reach the test repo tomorrow.