From: "Alon, Liran" <liran@amazon.com>
To: Andrii Nakryiko <andrii.nakryiko@gmail.com>,
Dan Aloni <dan@kernelim.com>, bpf <bpf@vger.kernel.org>
Cc: <security@kernel.org>, Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
Yonghong Song <yhs@fb.com>, Andrii Nakryiko <andrii@kernel.org>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@chromium.org>
Subject: Re: [PATCH] btf: Expose kernel BTF only to tasks with CAP_PERFMON
Date: Thu, 29 Oct 2020 00:30:49 +0200 [thread overview]
Message-ID: <3bccbaac-ec63-bc06-0e4b-5501c0788822@amazon.com> (raw)
In-Reply-To: <CAEf4BzZxabLCaNj0E5UEcnrEY25ujSLOzTbYRXneJy2HrY64JA@mail.gmail.com>
On 28/10/2020 23:56, Andrii Nakryiko wrote:
> + bpf@vger.kernel.org
You shouldn't Cc public email lists for a patch submitted to
security@kernel.org.
>
> On Wed, Oct 28, 2020 at 1:40 PM Dan Aloni <dan@kernelim.com> wrote:
>> Commit 341dfcf8d78e ("btf: expose BTF info through sysfs") added a sysfs
>> file that exposes to userspace kernel BTF information which allows
>> userspace to deduce the structure layout of all kernel internal
>> structures.
>>
>> This file is currently accessible to unprivileged users, without
>> requiring any special capability. Given that knowledge on kernel
>> structure layout is useful for dynamically building local privilege
>> escalation exploit in userspace, access to this file should be
>> restricted.
> So is /proc/config.gz, which is also very helpful in understanding
> what exactly is there in the kernel.
Viewing kernel build config is more like querying supported kernel features.
I don't consider it as a meaningful information disclosure, as I see
disclosing
the kernel internal struct layout.
> So seems to be
> /boot/vmlinux-$(uname -r), which has exactly the same BTF data and
> more.
I agree. True. Good enough argument for dropping this patch.
>
> Guarding /sys/kernel/bpf/vmlinux behind CAP_PERFMON would break a lot
> of users relying on BTF availability to build their BPF applications.
True. If this patch is applied, would need to at least be behind an
optin knob. Similar to dmesg_restrict.
next prev parent reply other threads:[~2020-10-28 22:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20201028203853.2412751-1-dan@kernelim.com>
2020-10-28 21:56 ` [PATCH] btf: Expose kernel BTF only to tasks with CAP_PERFMON Andrii Nakryiko
2020-10-28 22:30 ` Alon, Liran [this message]
2020-10-28 23:06 ` Alexei Starovoitov
2020-10-29 4:15 ` Willy Tarreau
2020-10-30 11:23 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3bccbaac-ec63-bc06-0e4b-5501c0788822@amazon.com \
--to=liran@amazon.com \
--cc=andrii.nakryiko@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=dan@kernelim.com \
--cc=daniel@iogearbox.net \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=kpsingh@chromium.org \
--cc=security@kernel.org \
--cc=songliubraving@fb.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox