Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the... | netdev

(off-list ancestor, not in this archive)
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · Alexei Starovoitov <hidden> · 2017-10-19
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-10-19
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · Alexei Starovoitov <hidden> · 2017-10-19
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-11-09
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · joeyli <jlee@suse.com> · 2017-10-20
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-10-20
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · jlee@suse.com · 2017-10-20
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-10-20
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · jlee@suse.com · 2017-10-20
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-10-23
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · joeyli <jlee@suse.com> · 2017-10-25
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · Alexei Starovoitov <hidden> · 2017-10-20
Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down · David Howells <dhowells@redhat.com> · 2017-10-23

Re: [PATCH 18/27] bpf: Restrict kernel image access functions when the kernel is locked down

From: David Howells <dhowells@redhat.com>
Date: 2017-10-23 14:51:24
Also in: lkml

Alexei Starovoitov [off-list ref] wrote:

If you want to lock down read access you'd need to disable
not only bpf, but all of kprobe and likey ftrace, since
untrusted root can infer kernel data by observing function
execution even if it cannot load modules and bpf progs.

Okay.

David

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help