[PATCH bpf-next v3 2/6] bpf: Verify signed loader metadata at load time
Paul Moore
paul at paul-moore.com
Mon Jul 6 17:01:23 UTC 2026
On Thu, Jul 2, 2026 at 6:33 PM Alexei Starovoitov
<alexei.starovoitov at gmail.com> wrote:
> On Thu Jul 2, 2026 at 3:05 PM PDT, Paul Moore wrote:
...
> > With this patch, even in cases where SELinux will prevent the BPF
> > program load operation, it is not able to do so before the process
> > triggers a potential sizable memory allocation, opening the door for a
> > local DoS attack.
>
> Not true either. Worst case is 1M which is 8Mbyte.
> Not even close to anything DoS worthy.
That's 8MB in a single allocation that can be triggered directly by
userspace. I suspect most systems allow a fair number of processes
per user; that 8MB allocation can quickly multiply into a big number,
especially for more modest, non-server systems/VMs.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list