linux-api.vger.kernel.org archive mirror
From: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
To: Alexei Starovoitov <ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
Cc: "David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
	Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
	Linus Torvalds
	<torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
	Steven Rostedt <rostedt-nx8X9YLhiw1AfugRpC6u6w@public.gmane.org>,
	Daniel Borkmann
	<dborkman-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	Chema Gonzalez <chema-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
	Eric Dumazet <edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
	Peter Zijlstra
	<a.p.zijlstra-/NLkJaSkS4VmR6Xm/wNWPw@public.gmane.org>,
	"H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>,
	Andrew Morton
	<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
	Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
	Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	Network Development
	<netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	"linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
	<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH RFC v4 net-next 17/26] tracing: allow eBPF programs to be attached to events
Date: Fri, 15 Aug 2014 12:32:41 -0700
Message-ID: <CALCETrUXeBSv6KbsPC+kHTAbAB2B8T3rk5N-OOZvCPU8fOr5Ew@mail.gmail.com>
In-Reply-To: <CAMEtUuzDxzPHsch24U_NjX23r6BvmK9b723HHJeNwQOJeA8r1A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>

On Fri, Aug 15, 2014 at 12:29 PM, Alexei Starovoitov <ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org> wrote:
> On Fri, Aug 15, 2014 at 12:20 PM, Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org> wrote:
>>>>
>>>> I don't think that fixing this should be a prerequisite for merging,
>>>> since the risk is so small.  Nonetheless, it would be nice.  (This
>>>> family of attacks has led to several root vulnerabilities in the
>>>> past.)
>>>
>>> Ok. I think keeping a track of pid between open and write is kinda
>>> ugly.
>>
>> Agreed.
>>
>> TBH, I would just add a comment to the open implementation saying
>> that, if unprivileged or less privileged open is allowed, then this
>> needs to be fixed.
>
> ok. will do.
>
>>> Should we add some new CAP flag and check it for all file
>>> ops? Another option is to conditionally make open() of tracing
>>> files as cloexec...
>>
>> That won't help.  The same attack can be done with SCM_RIGHTS, and
>> cloexec can be cleared.
>
> ouch, can we then make ebpf FDs and maybe debugfs FDs
> not passable at all? Otherwise it feels that generality and
> flexibility of FDs is becoming a burden.

I'm not sure there's much of a general problem.  The issue is when
there's an fd for which write(2) (or other
assumed-to-not-check-permissions calls like read, pread, pwrite, etc.)
depends on context.  This is historically an issue for netlink and
various /proc files.

--Andy
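
[Added example, not part of the original message or of the patch series: a
userspace sketch of the two descriptor properties mentioned above, namely that
close-on-exec can be cleared by the holder and that SCM_RIGHTS hands the same
open file to another socket endpoint. Both endpoints live in one process for
brevity, a pipe stands in for the tracing file, and all function names are
made up for this illustration.]

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Send fd over a UNIX socket as SCM_RIGHTS ancillary data. */
static int send_fd(int sock, int fd)
{
    _Alignas(struct cmsghdr) char ctl[CMSG_SPACE(sizeof(int))] = {0}, byte = 'x';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl, .msg_controllen = sizeof(ctl) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one fd; the kernel installs a new descriptor for the receiver. */
static int recv_fd(int sock)
{
    _Alignas(struct cmsghdr) char ctl[CMSG_SPACE(sizeof(int))], byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl, .msg_controllen = sizeof(ctl) };
    int fd = -1;
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* 1: cloexec was cleared and the passed fd still writes; -1: setup failed. */
int fd_survives_cloexec_and_passing(void)
{
    int p[2], sp[2], got = -1; char buf[2] = {0};
    if (pipe(p) || socketpair(AF_UNIX, SOCK_STREAM, 0, sp)) return -1;
    fcntl(p[1], F_SETFD, FD_CLOEXEC);        /* what the opener asked for */
    fcntl(p[1], F_SETFD, 0);                 /* ...and any holder can undo */
    int cleared = !(fcntl(p[1], F_GETFD) & FD_CLOEXEC);
    if (send_fd(sp[0], p[1]) || (got = recv_fd(sp[1])) < 0) return -1;
    close(p[1]);          /* original closed; the passed copy still works */
    int ok = write(got, "ok", 2) == 2 && read(p[0], buf, 2) == 2;
    close(got); close(p[0]); close(sp[0]); close(sp[1]);
    return cleared && ok && memcmp(buf, "ok", 2) == 0;
}
```

[The receiver never opened anything itself, so any permission decision has to
be made at open() and bound to the file, not re-derived from whoever happens
to call write().]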
