IO_uring security / vulnerabilties?

That news caught my eye.

Whonix uses IO_uring now, i wonder maybe kernels should be recompiled with IO_uring disabled to stay on a safe side?

1 Like

I also had a look at this a while back but have not had the time to test any performance implications or other compatibility related issues. Given we are running Debian, it should probably be tested thoroughly on Bookworm.

It certainly seems like something we should disable given the statistics provided by Google. Regardless, I will attempt to look more thoroughly into this kernel parameter.


Written just now:

One way we can gauge the impact of changing this parameter is by following what happens in the linux-hardened kernel for Arch Linux:

Since we are probably going to stick with Debian and so not going to move to (or past) kernel 6.6 anytime in the next two years, perhaps we could make an exception to change this one kernel parameter after it is thoroughly tested on linux-hardened.

1 Like
1 Like

I agree that in order to reduce contributor burden with regards to versioning it is a good idea to add the sysctl in as long as it doesn’t break anything. As contributors come and go over the years it can become easy to overlook small niche edits like this.

Another benefit is that a lot of people use security-misc settings as a base to harden their systems and so might as well provide them a complete set of options.

So should I leave as is or should add a comment saying that this PR is just for display and only useful for kernel 6.6 and above?

1 Like

Merged now. Thank you!

That would be useful.

1 Like
1 Like

Merged, thank you!