dspillett 4 hours ago

> Did you read the CVEs?

You obviously didn't read to the end of my little post, yet feel righteous enough to throw that out…

> One allows the root user to create a kernel thread and then block its shutdown for several minutes.

Which, as part of a compromise chain, could cause a DoS issue that might be able to bypass common protections like cgroup-imposed limits.

nine_k an hour ago

If we apply risk/reward analysis, how probable is such a chain of exploits? If you already got local root, you might as well do a little bit more than a simple DoS.

Depending on how much performance would be gained by using io_uring in a particular case, and how many layers of protection exist around your server, it might be a risk worth taking.