Do not automatically enable the linux kernel's BPF JIT compiler

The default value of kernel.unprivileged_bpf_disabled is 0 which means
this is enabling the BPF JIT compiler for unprivileged users. Given that
this is a known attack vector for Spectre variant 1 (CVE-2017-5753) this
is not a setting that a utility should be tampering with.

Tshark's and dumpcap's help message is changed by Balint Reczey to suggest
enabling BPF manually after considering security-related implications.

Change-Id: I1cc34cbd6e84485eba9dee79a8700aa388354885
Signed-off-by: Balint Reczey <balint.reczey@canonical.com>
Bug: 14313
Reviewed-on: https://code.wireshark.org/review/25192
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Reviewed-by: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>

dumpcap.c

@@ -150,32 +150,6 @@ static void capture_loop_stop(void);
 /** Close a pipe, or socket if \a from_socket is TRUE */
 static void cap_pipe_close(int pipe_fd, gboolean from_socket _U_);
 
-#ifdef __linux__
-/*
- * Enable kernel BPF JIT compiler if available.
- * If any calls fail, just drive on - the JIT compiler might not be
- * enabled, but filtering will still work, and it's not clear what
- * we could do if the calls fail; should we just report the error
- * and not continue to capture, should we report it as a warning, or
- * what?
- */
-static void
-enable_kernel_bpf_jit_compiler(void)
-{
-    int fd;
-    ssize_t written _U_;
-    static const char file[] = "/proc/sys/net/core/bpf_jit_enable";
-
-    fd = ws_open(file, O_WRONLY);
-    if (fd < 0)
-        return;
-
-    written = ws_write(fd, "1", strlen("1"));
-
-    ws_close(fd);
-}
-#endif
-
 #if !defined (__linux__)
 #ifndef HAVE_PCAP_BREAKLOOP
 /*
@@ -502,9 +476,10 @@ print_usage(FILE *output)
     fprintf(output, "  -h                       display this help and exit\n");
     fprintf(output, "\n");
 #ifdef __linux__
-    fprintf(output, "WARNING: dumpcap will enable kernel BPF JIT compiler if available.\n");
-    fprintf(output, "You might want to reset it\n");
-    fprintf(output, "By doing \"echo 0 > /proc/sys/net/core/bpf_jit_enable\"\n");
+    fprintf(output, "Dumpcap can benefit from an enabled BPF JIT compiler if available.\n");
+    fprintf(output, "You might want to enable it by executing:\n");
+    fprintf(output, " \"echo 1 > /proc/sys/net/core/bpf_jit_enable\"\n");
+    fprintf(output, "Note that this can make your system less secure!\n");
     fprintf(output, "\n");
 #endif
     fprintf(output, "Example: dumpcap -i eth0 -a duration:60 -w output.pcapng\n");
@@ -4663,10 +4638,6 @@ main(int argc, char *argv[])
 #endif /* SIGINFO */
 #endif  /* _WIN32 */
 
-#ifdef __linux__
-    enable_kernel_bpf_jit_compiler();
-#endif
-
     /* ----------------------------------------------------------------- */
     /* Privilege and capability handling                                 */
     /* Cases:                                                            */

tshark.c

@@ -454,9 +454,10 @@ print_usage(FILE *output)
   fprintf(output, "                           use \"-G help\" for more help\n");
 #ifdef __linux__
   fprintf(output, "\n");
-  fprintf(output, "WARNING: dumpcap will enable kernel BPF JIT compiler if available.\n");
-  fprintf(output, "You might want to reset it\n");
-  fprintf(output, "By doing \"echo 0 > /proc/sys/net/core/bpf_jit_enable\"\n");
+  fprintf(output, "Dumpcap can benefit from an enabled BPF JIT compiler if available.\n");
+  fprintf(output, "You might want to enable it by executing:\n");
+  fprintf(output, " \"echo 1 > /proc/sys/net/core/bpf_jit_enable\"\n");
+  fprintf(output, "Note that this can make your system less secure!\n");
 #endif
 
 }