[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAADnVQKW4vq-0_Z8kec_Omox1urBCsA-Fpx=H1cY0WVwZHEOQQ@mail.gmail.com>
Date: Thu, 31 Oct 2024 09:10:53 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Song Liu <songliubraving@...a.com>
Cc: Christoph Hellwig <hch@...radead.org>, Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>,
Song Liu <song@...nel.org>, bpf <bpf@...r.kernel.org>,
Linux-Fsdevel <linux-fsdevel@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>,
Kernel Team <kernel-team@...a.com>, Andrii Nakryiko <andrii@...nel.org>,
Eduard Zingerman <eddyz87@...il.com>, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>, Martin KaFai Lau <martin.lau@...ux.dev>,
Al Viro <viro@...iv.linux.org.uk>, KP Singh <kpsingh@...nel.org>,
Matt Bobrowski <mattbobrowski@...gle.com>
Subject: Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to
cover security.bpf xattr names
On Thu, Oct 31, 2024 at 9:02 AM Song Liu <songliubraving@...a.com> wrote:
>
> > Not sure how you want to best handle that.
>
> We may also introduce other prefixes for future use cases.
bpf infra makes zero effort to prevent insecure/nonsensical bpf programs.
It's futile. Humans will always find ways to shoot themselves in the foot.
Before bpf-lsm existed people were selling "security" products
where _tracing_ bpf programs monitored syscall activity with kprobes
suffering all TOCTOU issues and signaling root user same daemon
via bpf maps/ring buffers to kill "bad" processes.
Such startups still exist. There is no technical solution
to human "ingenuity".
Powered by blists - more mailing lists