| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 23 Jul 2016 21:01:39 -0700 From: Sargun Dhillon <sargun@...gun.me> To: linux-kernel@...r.kernel.org, netdev@...r.kernel.org Cc: alexei.starovoitov@...il.com Subject: Relax kern_version constraints on bpf kprobes? In kernel/bpf/syscall.c we restrict programs loading bpf kprobe programs so attr.kern_version must be exactly equal to what the user is running at the moment. This makes a lot of sense because kprobes can touch lots of unstable bits of the kernel ABI. Unfortunately, this makes it really difficult to ship binary bpf programs for debugging, and most customers don't want to go through all the steps of preparing for compilation and installation of bpf programs for their specific kernel that was shipped by their vendor. This is especially problematic when the probe is touching only stable ABIs (syscalls), or alternatively is just logging performance events. I realize that we can change this section pretty easily by reading the version at load time and modifying it, but it's kind of a pain. For programs that we know are safe, is there a mechanism by which we can bypass this check, and tell the loader that we know what we're doing since these programs are only accessible to CAP_SYS_ADMIN?
Powered by blists - more mailing lists