Clarify (future) disabling of io_uring

2025-05-06 10:25:00 -04:00 · 2024-07-18 12:25:00 +10:00 · 2024-07-18 12:25:00 +10:00 · 13cc1f0986
commit 13cc1f0986
parent 9e6facda70
2 changed files with 9 additions and 2 deletions
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@ -117,12 +117,18 @@ kernel.perf_event_paranoid=3
 kernel.randomize_va_space=2

 ## Disable asynchronous I/O for all processes.
+## Leading cause of numerous kernel exploits.
+## Disabling will reduce the read/write performance of storage devices.
 ##
+## https://en.wikipedia.org/wiki/Io_uring#Security
+## https://lwn.net/Articles/902466/
 ## https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html
+## https://github.com/moby/moby/pull/46762
+## https://forums.whonix.org/t/io-uring-security-vulnerabilties/16890
 ##
 ## Applicable when using Linux kernel >= 6.6 (retained here for future-proofing and completeness).
 ##
-kernel.io_uring_disabled=2
+#kernel.io_uring_disabled=2

 ## 2. User Space:
 ##