| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220322145012.1315376-1-milan@mdaverde.com>
Date: Tue, 22 Mar 2022 10:49:45 -0400
From: Milan Landaverde <milan@...verde.com>
To: unlisted-recipients:; (no To-header on input)
Cc: milan@...verde.com, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Quentin Monnet <quentin@...valent.com>,
Paul Chaignon <paul@...valent.com>,
Niklas Söderlund <niklas.soderlund@...igine.com>,
netdev@...r.kernel.org, bpf@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH bpf-next] bpf/bpftool: add unprivileged_bpf_disabled check against value of 2
In [1], we added a kconfig knob that can set
/proc/sys/kernel/unprivileged_bpf_disabled to 2
We now check against this value in bpftool feature probe
[1] https://lore.kernel.org/bpf/74ec548079189e4e4dffaeb42b8987bb3c852eee.1620765074.git.daniel@iogearbox.net
Signed-off-by: Milan Landaverde <milan@...verde.com>
---
tools/bpf/bpftool/feature.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/bpf/bpftool/feature.c b/tools/bpf/bpftool/feature.c
index c2f43a5d38e0..290998c82de1 100644
--- a/tools/bpf/bpftool/feature.c
+++ b/tools/bpf/bpftool/feature.c
@@ -207,7 +207,10 @@ static void probe_unprivileged_disabled(void)
printf("bpf() syscall for unprivileged users is enabled\n");
break;
case 1:
- printf("bpf() syscall restricted to privileged users\n");
+ printf("bpf() syscall restricted to privileged users (without recovery)\n");
+ break;
+ case 2:
+ printf("bpf() syscall restricted to privileged users (admin can change)\n");
break;
case -1:
printf("Unable to retrieve required privileges for bpf() syscall\n");
--
2.32.0
Powered by blists - more mailing lists