[PATCH 23/27] bpf: Restrict kernel image access functions when the kernel is locked down
Golden_Miller83 at protonmail.ch
Tue Mar 26 13:54:40 UTC 2019
On Tuesday, March 26, 2019 12:00 AM, Daniel Borkmann <daniel at iogearbox.net> wrote:
> On 03/26/2019 12:42 AM, Stephen Hemminger wrote:
> > On Mon, 25 Mar 2019 15:09:50 -0700
> > Matthew Garrett matthewgarrett at google.com wrote:
> > > From: David Howells dhowells at redhat.com
> > > There are some bpf functions can be used to read kernel memory:
> > > bpf_probe_read, bpf_probe_write_user and bpf_trace_printk. These allow
> > > private keys in kernel memory (e.g. the hibernation image signing key) to
> > > be read by an eBPF program and kernel memory to be altered without
> > > restriction.
> I'm not sure where 'kernel memory to be altered without restriction' comes
> from, but it's definitely a wrong statement.
> > > Completely prohibit the use of BPF when the kernel is locked down.
> In which scenarios will the lock-down mode be used? Mostly niche? I'm asking
> as this would otherwise break a lot of existing stuff ... I'd prefer you find
> a better solution to this than this straight -EPERM rejection.
AFAIK this change breaks IPAddressAllow/IPAddressDeny usage in systemd services
which makes them LESS secure.
More information about the Linux-security-module-archive