On Fri, Jun 18, 2021 at 4:55 AM Lorenz Bauer [off-list ref] wrote:
On Fri, 18 Jun 2021 at 11:55, Maciej Żenczykowski
[off-list ref] wrote:
quoted
This reverts commit d37300ed182131f1757895a62e556332857417e5.
This breaks Android userspace which expects to be able to
fetch programs with just read permissions.
Sorry about this! I'll defer to the maintainers what to do here.
Reverting leaves us with a gaping hole for access control of pinned
programs.
Not sure what hole you're referring to. Could you provide more
details/explanation?
It seems perfectly reasonable to be able to get a program with just read privs.
After all, you're not modifying it, just using it.
AFAIK there is no way to modify a program after it was loaded, has this changed?
if so, the checks should be on the modifications not the fd fetch.
I guess one could argue fetching with write only privs doesn't make sense?
Anyway... userspace is broken... so revert is the answer.
In Android the process loading/pinning bpf maps/programs is a different
process (the 'bpfloader') to the users (which are far less privileged)