[PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down
jlee at suse.com
jlee at suse.com
Fri Oct 20 15:57:48 UTC 2017
On Fri, Oct 20, 2017 at 09:08:48AM +0100, David Howells wrote:
> Hi Joey,
>
> Should I just lock down sys_bpf() entirely for now? We can always free it up
> somewhat later.
>
> David
OK~~ Please just remove my patch until we find out a way to
verify bpf code or protect sensitive data in memory.
I think that we don't need to lock down sys_bpf() now because
we didn't lock down other interfaces for reading arbitrary
address like /dev/mem and /dev/kmem.
Thanks a lot!
Joey Lee
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list