[PATCH bpf-next] bpf, capabilities: introduce CAP_BPF

Alexei Starovoitov alexei.starovoitov at gmail.com
Wed Aug 28 04:49:05 UTC 2019


On Tue, Aug 27, 2019 at 07:00:40PM -0700, Andy Lutomirski wrote:
> 
> Let me put this a bit differently. Part of the point is that
> CAP_TRACING should allow a user or program to trace without being able
> to corrupt the system. CAP_BPF as you’ve proposed it *can* likely
> crash the system.

Really? I'm still waiting for your example where bpf+kprobe crashes the system...



More information about the Linux-security-module-archive mailing list