| ▲ | staticassertion 6 hours ago | |||||||
io-uring is a security nightmare. Constant privescs and a powerful primitive for syscall smuggling. Worth considering disabling it outright (already the case for most containers afaik). | ||||||||
| ▲ | otterley 5 hours ago | parent [-] | |||||||
At one point, Google disabled io_uring on its production servers (https://security.googleblog.com/2023/06/learnings-from-kctf-...) - I don't know whether this is still true, though. Perhaps a Google can confirm. | ||||||||
| ||||||||