IO_uring security / vulnerabilties?

That news caught my eye.

Whonix uses IO_uring now, i wonder maybe kernels should be recompiled with IO_uring disabled to stay on a safe side?

1 Like

I also had a look at this a while back but have not had the time to test any performance implications or other compatibility related issues. Given we are running Debian, it should probably be tested thoroughly on Bookworm.

It certainly seems like something we should disable given the statistics provided by Google. Regardless, I will attempt to look more thoroughly into this kernel parameter.

2 Likes

Written just now:

One way we can gauge the impact of changing this parameter is by following what happens in the linux-hardened kernel for Arch Linux:

Since we are probably going to stick with Debian and so not going to move to (or past) kernel 6.6 anytime in the next two years, perhaps we could make an exception to change this one kernel parameter after it is thoroughly tested on linux-hardened.

1 Like