Comment by gkbrk
7 months ago
> If a kernel panic is considered a security issue
It's normal to consider a non-root userspace program causing a kernel panic a security issue
7 months ago
> If a kernel panic is considered a security issue
It's normal to consider a non-root userspace program causing a kernel panic a security issue
That very much depends on your security posture. For a desktop computer, with a single user, panicking the kernel is at most a mild inconvenience. As it's said, it's a denial of service, but the service being denied is your own service.
Security, as the reunion of Confidentiality, Integrity, and Availability (CIA), definitely includes vulnerabilities where a malicious user can trigger a kernel panic, as it impacts Availability directly, and potentially Integrity as well in an indirect way.
The distinction you make is a separate step down the line: you do a risk assessment and decide that, in your particular context, a specific vulnerability is not a threat worth defending against.
For that same vulnerability, others will reach different conclusions in their respective risk assessments.
That doesn't make it any less of a vulnerability.
If you can install a program that runs at system startup and panics the kernel, that's beyond mild inconvenience - it's potentially a major IT scramble for a whole company's fleet, for example. Even for a server machine, it might require complicated debug procedures and/or physical access, since you can no longer just SSH into the system.
It's normal to consider it a security issue. Whether you consider it your security issue is contextual.
io_uring is meant for high performance I/O, in other words server use. The desktop is almost entirely irrelevant.
High performance server use is just tomorrow's desktop. My fancy rust terminal filemanager uses io_uring, probably mostly for nerdcred.