[PATCH bpf-next v2 0/3] BPF signature hash chains

James Bottomley James.Bottomley at HansenPartnership.com
Wed Oct 22 21:10:02 UTC 2025


On Mon, 2025-10-20 at 18:25 -0700, Alexei Starovoitov wrote:
> On Mon, Oct 20, 2025 at 4:13 PM James Bottomley
> <James.Bottomley at hansenpartnership.com> wrote:
[...]
> > The point, for me, is when doing integrity tests both patch sets
> > produce identical results and correctly detect when integrity of a
> > light skeleton is compromised (in mathematical terms that means
> > they're functionally equivalent).  The only difference is that with
> > Blaise's patch set verification completes before the LSM load hook
> > is called and with KP's it completes after ... and the security
> > problem with the latter case is that there's no LSM hook to collect
> > the verification result.
> 
> the security problem with KP's approach? wtf.
> I'm going to add "depends on !microsoft" to kconfig bpf_syscall
> and be done with it.
> Don't use it since it's so insecure.

Most Linux installations use LSMs to enforce and manage policies for
system integrity (they don't all use the same set of LSMs, but that's
not relevant to the argument).  So while Meta may not use LSMs for
system integrity, the fact that practically everyone else does makes not
having a correctly functioning LSM hook for BPF signature verification
a problem for a huge set of users that goes way beyond just Microsoft.

Regards,

James
