| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <657782aa61b9e_edaa2082b@john.notmuch> Date: Mon, 11 Dec 2023 13:44:10 -0800 From: John Fastabend <john.fastabend@...il.com> To: Andrii Nakryiko <andrii@...nel.org>, bpf@...r.kernel.org, netdev@...r.kernel.org, paul@...l-moore.com, brauner@...nel.org Cc: linux-fsdevel@...r.kernel.org, linux-security-module@...r.kernel.org, keescook@...omium.org, kernel-team@...a.com, sargun@...gun.me Subject: RE: [PATCH bpf-next 5/8] libbpf: wire up token_fd into feature probing logic Andrii Nakryiko wrote: > Adjust feature probing callbacks to take into account optional token_fd. > In unprivileged contexts, some feature detectors would fail to detect > kernel support just because BPF program, BPF map, or BTF object can't be > loaded due to privileged nature of those operations. So when BPF object > is loaded with BPF token, this token should be used for feature probing. > > This patch is setting support for this scenario, but we don't yet pass > non-zero token FD. This will be added in the next patch. > > We also switched BPF cookie detector from using kprobe program to > tracepoint one, as tracepoint is somewhat less dangerous BPF program > type and has higher likelihood of being allowed through BPF token in the > future. This change has no effect on detection behavior. > > Signed-off-by: Andrii Nakryiko <andrii@...nel.org> > --- Acked-by: John Fastabend <john.fastabend@...il.com>
Powered by blists - more mailing lists