From: Nicolas Bouchinet <nicolas.bouchinet@oss.cyber.gouv.fr>
To: "Xavier Brouckaert (xabrouck)" <xabrouck@cisco.com>
Cc: "bpf@vger.kernel.org" <bpf@vger.kernel.org>,
	 "security@kernel.org" <security@kernel.org>,
	Xiu Jianfeng <xiujianfeng@huawei.com>,
	 Kees Cook <kees@kernel.org>
Subject: Re: BPF: writable uprobe pt_regs context bypasses lockdown=integrity
Date: Mon, 27 Apr 2026 16:25:38 +0200
Message-ID: <ae9xx6WBG-3HyEHT@archlinux>
In-Reply-To: <DM6PR11MB4722C282C0F20BB23F54A87ADB362@DM6PR11MB4722.namprd11.prod.outlook.com>

Hi, thanks for your report.

For information, Xiu (in CC) and I have been the new Lockdown maintainers for a
few months now.

Honestly, I'm not fond of `LOCKDOWN_BPF_WRITE_USER` being handled by Lockdown.
Lockdown's original goal is to create a bright line between uid-0 and ring-0. In
other words, uid-0 should not be able to obtain write (and some read) primitives
to kernel mode.

Fighting against userspace processes taking control over other userspace
processes should be handled by another security mechanism. Moreover, as you
said, this kind of behavior can already be obtained through multiple ways,
using ptrace as an example.

Honestly, I'd like to recenter Lockdown on its original purpose and move the
`LOCKDOWN_BPF_WRITE_USER` thing elsewhere. IMHO, it matches well with YAMA.
Kees, do you have any thoughts on this?

Best regards,

Nicolas
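
The ptrace comparison in the message above, shown in code. This is an added example that is not part of this message or of the thread: a same-uid tracer stops its child at the exit of getpid(2) and overwrites the return register, which is the same "rewrite another task's pt_regs" primitive that the report obtains through a writable uprobe context, without any kernel-mode write being involved. It assumes Linux on x86_64 or aarch64, that ptrace(2) is permitted for a parent tracing its own child (the default under YAMA ptrace_scope 0 or 1), and that the function and constant names (forge_getpid_return, FORGED_PID, CHILD_OK) are mine, not a kernel or libc API.

```c
/* Added example, not from the thread: the register-write primitive ptrace
 * already grants to a same-uid tracer. Linux only; x86_64 and aarch64
 * register layouts handled. Names and constants here are constructed. */
#define _GNU_SOURCE
#include <elf.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#  define SYSCALL_NR(r)  ((r).orig_rax)   /* syscall number survives the exit stop */
#  define SYSCALL_RET(r) ((r).rax)        /* return value at syscall-exit stop */
#elif defined(__aarch64__)
#  define SYSCALL_NR(r)  ((r).regs[8])    /* x8 holds the syscall number */
#  define SYSCALL_RET(r) ((r).regs[0])    /* x0 holds the return value */
#else
#  error "register layout not handled in this example"
#endif

#define FORGED_PID 4242   /* constructed value the tracer injects */
#define CHILD_OK   42     /* child exit status if it observed FORGED_PID */

static int get_regs(pid_t pid, struct user_regs_struct *regs)
{
    struct iovec iov = { regs, sizeof *regs };
    return ptrace(PTRACE_GETREGSET, pid, (void *)NT_PRSTATUS, &iov);
}

static int set_regs(pid_t pid, struct user_regs_struct *regs)
{
    struct iovec iov = { regs, sizeof *regs };
    return ptrace(PTRACE_SETREGSET, pid, (void *)NT_PRSTATUS, &iov);
}

/* Tracee: ask to be traced, stop, make one getpid(), report what it saw. */
static void tracee(void)
{
    if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0)
        _exit(1);
    raise(SIGSTOP);                       /* hand control to the tracer */
    long pid = syscall(SYS_getpid);       /* raw syscall: no libc caching */
    _exit(pid == FORGED_PID ? CHILD_OK : 2);
}

/* Tracer: returns the child's exit status (CHILD_OK on success), or -1 if
 * ptrace is unavailable (e.g. blocked by a seccomp profile or YAMA). */
int forge_getpid_return(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        tracee();                         /* never returns */

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status))
        return -1;                        /* the initial SIGSTOP never arrived */
    /* Mark syscall stops with SIGTRAP|0x80 so they cannot be mistaken for signals. */
    if (ptrace(PTRACE_SETOPTIONS, pid, 0, (void *)PTRACE_O_TRACESYSGOOD) < 0) {
        kill(pid, SIGKILL);
        return -1;
    }

    int getpid_entry_seen = 0;            /* first getpid stop is entry, second is exit */
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, 0, 0) < 0)   /* sig=0 also discards the SIGSTOP */
            return -1;
        if (waitpid(pid, &status, 0) < 0)
            return -1;
        if (WIFEXITED(status))
            return WEXITSTATUS(status);
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != (SIGTRAP | 0x80))
            continue;                     /* some other stop; just resume */

        struct user_regs_struct regs;
        if (get_regs(pid, &regs) < 0)
            return -1;
        if (SYSCALL_NR(regs) != SYS_getpid)
            continue;
        if (!getpid_entry_seen) {
            getpid_entry_seen = 1;        /* syscall-enter stop: nothing to do yet */
            continue;
        }
        SYSCALL_RET(regs) = FORGED_PID;   /* syscall-exit stop: rewrite the return register */
        if (set_regs(pid, &regs) < 0)
            return -1;
    }
}

int main(void)
{
    int rc = forge_getpid_return();
    printf("child exit status: %d (%s)\n", rc,
           rc == CHILD_OK ? "getpid() return value rewritten by the tracer"
                          : "register write did not take effect");
    return rc == CHILD_OK ? 0 : 1;
}
```

The child never calls any kernel-write primitive; everything happens through the ordinary ptrace interface, which is why the message argues the relevant control point is YAMA-style process-access policy rather than Lockdown. If the tracer fails at PTRACE_TRACEME or PTRACE_SETOPTIONS, the function returns -1 instead of CHILD_OK, which is what you will see under a seccomp profile that denies ptrace.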


Thread overview: 7+ messages
2026-04-27 12:39 BPF: writable uprobe pt_regs context bypasses lockdown=integrity Xavier Brouckaert (xabrouck)
2026-04-27 13:42 ` Greg KH
2026-04-27 13:43 ` Greg KH
2026-04-27 14:09 ` Jiri Olsa
2026-04-27 14:16   ` Alexei Starovoitov
2026-04-27 14:25 ` Nicolas Bouchinet [this message]
2026-04-27 14:56   ` Daniel Borkmann
