[PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown is in confidentiality mode
Matthew Garrett
mjg59 at google.com
Mon Jun 24 20:15:44 UTC 2019
On Mon, Jun 24, 2019 at 1:09 PM Andy Lutomirski <luto at kernel.org> wrote:
> I'm confused. I understand why we're restricting bpf_probe_read().
> Why are we restricting bpf_probe_write_user() and bpf_trace_printk(),
> though?
Hmm. I think the thinking here was around exfiltration mechanisms, but
if the read is blocked then that seems less likely. This seems to
trace back to http://kernsec.org/pipermail/linux-security-module-archive/2017-October/003545.html
- Joey, do you know the reasoning here?
More information about the Linux-security-module-archive
mailing list