From: Alexei Starovoitov <ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
To: Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
Cc: "David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Linus Torvalds
<torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Steven Rostedt <rostedt-nx8X9YLhiw1AfugRpC6u6w@public.gmane.org>,
Daniel Borkmann
<dborkman-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Chema Gonzalez <chema-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Eric Dumazet <edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Peter Zijlstra
<a.p.zijlstra-/NLkJaSkS4VmR6Xm/wNWPw@public.gmane.org>,
"H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Network Development
<netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
"linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH RFC v4 net-next 17/26] tracing: allow eBPF programs to be attached to events
Date: Fri, 15 Aug 2014 12:29:38 -0700 [thread overview]
Message-ID: <CAMEtUuzDxzPHsch24U_NjX23r6BvmK9b723HHJeNwQOJeA8r1A@mail.gmail.com> (raw)
In-Reply-To: <CALCETrW4Yscrte9=_ks_1BhSE9FTe-KZTv_a=g5wrwKhKkiuow-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Fri, Aug 15, 2014 at 12:20 PM, Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org> wrote:
>>>
>>> I don't think that fixing this should be a prerequisite for merging,
>>> since the risk is so small. Nonetheless, it would be nice. (This
>>> family of attacks has lead to several root vulnerabilities in the
>>> past.)
>>
>> Ok. I think keeping a track of pid between open and write is kinda
>> ugly.
>
> Agreed.
>
> TBH, I would just add a comment to the open implementation saying
> that, if unprivileged or less privileged open is allowed, then this
> needs to be fixed.
ok. will do.
>> Should we add some new CAP flag and check it for all file
>> ops? Another option is to conditionally make open() of tracing
>> files as cloexec...
>
> That won't help. The same attack can be done with SCM_RIGHTS, and
> cloexec can be cleared.
ouch, can we then make ebpf FDs and may be debugfs FDs
not passable at all? Otherwise it feels that generality and
flexibility of FDs is becoming a burden.
next prev parent reply other threads:[~2014-08-15 19:29 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-13 7:57 [PATCH RFC v4 net-next 00/26] BPF syscall, maps, verifier, samples, llvm Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 01/26] net: filter: add "load 64-bit immediate" eBPF instruction Alexei Starovoitov
[not found] ` <1407916658-8731-2-git-send-email-ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2014-08-13 9:17 ` Daniel Borkmann
[not found] ` <53EB2D31.8090204-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2014-08-13 17:34 ` Alexei Starovoitov
[not found] ` <CAMEtUuzo6xQkhg+y0h_WEArVZi9cxVoGAcTBDcwMXza+eQGBTw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-13 17:39 ` Daniel Borkmann
2014-08-13 16:08 ` Andy Lutomirski
[not found] ` <CALCETrXzZVxMGUgDPOKwN0DPLvupU=ew1z6D4U-jHg+RoyZyLg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-13 17:44 ` Alexei Starovoitov
2014-08-13 18:35 ` Andy Lutomirski
2014-08-13 21:02 ` Alexei Starovoitov
[not found] ` <CAMEtUuwx6Y4qxyz4TGK9=M2BH-dXnPsm+JrusqbyjzK20yUv6A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-13 21:16 ` H. Peter Anvin
2014-08-13 21:17 ` Andy Lutomirski
[not found] ` <CALCETrVDrbD3goYmZsUdmEhVfaNxovyghCz6y+_q5+G+rVwtWg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-13 21:21 ` H. Peter Anvin
2014-08-13 21:23 ` Andy Lutomirski
[not found] ` <CALCETrUghSd-Z3+z_MUierWHQnA_dDOQcJ++EKryUeGTh5LbbA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-13 21:27 ` H. Peter Anvin
2014-08-13 21:38 ` Alexei Starovoitov
2014-08-13 21:56 ` Alexei Starovoitov
2014-08-13 21:41 ` Andy Lutomirski
[not found] ` <CALCETrVUPofE2w2t-_iwcTim8kbdcx93yW==+CwoqVqsaNnXHg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-13 21:43 ` Alexei Starovoitov
2014-08-13 21:37 ` Alexei Starovoitov
2014-08-13 21:38 ` Andy Lutomirski
2014-08-13 7:57 ` [PATCH RFC v4 net-next 02/26] net: filter: split filter.h and expose eBPF to user space Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 03/26] bpf: introduce syscall(BPF, ...) and BPF maps Alexei Starovoitov
[not found] ` <1407916658-8731-4-git-send-email-ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2014-08-14 22:28 ` Brendan Gregg
[not found] ` <CAE40pdcCqu6zBqDgAXBpKHzX=y7hXtz83yEadYTE2yACiqyT3g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 6:40 ` Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 04/26] bpf: enable bpf syscall on x64 Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 05/26] bpf: add lookup/update/delete/iterate methods to BPF maps Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 06/26] bpf: add hashtable type of " Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 08/26] bpf: handle pseudo BPF_CALL insn Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 09/26] bpf: verifier (add docs) Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 10/26] bpf: verifier (add ability to receive verification log) Alexei Starovoitov
[not found] ` <1407916658-8731-1-git-send-email-ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2014-08-13 7:57 ` [PATCH RFC v4 net-next 07/26] bpf: expand BPF syscall with program load/unload Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 11/26] bpf: handle pseudo BPF_LD_IMM64 insn Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 12/26] bpf: verifier (add branch/goto checks) Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 13/26] bpf: verifier (add verifier core) Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 22/26] bpf: llvm backend Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 23/26] samples: bpf: elf file loader Alexei Starovoitov
[not found] ` <1407916658-8731-24-git-send-email-ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2014-08-14 19:29 ` Brendan Gregg
[not found] ` <CAE40pddG1e3Q8OZ8t5QQimGhHzS5FbqK3YuvKnFywEEoSUbGzQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 5:56 ` Alexei Starovoitov
2014-08-13 8:52 ` [PATCH RFC v4 net-next 00/26] BPF syscall, maps, verifier, samples, llvm David Laight
2014-08-13 17:30 ` Alexei Starovoitov
2014-08-13 17:40 ` Andy Lutomirski
2014-08-13 18:00 ` Alexei Starovoitov
[not found] ` <063D6719AE5E284EB5DD2968C1650D6D174760F3-VkEWCZq2GCInGFn1LkZF6NBPR1lH4CV8@public.gmane.org>
2014-08-13 23:25 ` David Miller
2014-08-13 23:34 ` Andy Lutomirski
[not found] ` <CALCETrV4u3jup3pRjEJiPcvccvH84bYykLYxCCU7ek7yprt+Fg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-13 23:46 ` Alexei Starovoitov
2014-08-13 23:53 ` Andy Lutomirski
2014-08-14 19:17 ` Brendan Gregg
2014-08-13 7:57 ` [PATCH RFC v4 net-next 14/26] bpf: verifier (add state prunning optimization) Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 15/26] bpf: allow eBPF programs to use maps Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 16/26] net: sock: allow eBPF programs to be attached to sockets Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 17/26] tracing: allow eBPF programs to be attached to events Alexei Starovoitov
2014-08-14 21:20 ` Brendan Gregg
[not found] ` <CAE40pdf0pNYyazjpdkzxNJi7iC4LOOr_XEu078OUqP_uoCXnHg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 6:08 ` Alexei Starovoitov
[not found] ` <CAMEtUuymPDhYBe42i4DJNXsdgZRaq9LuEU_nGSsqrY1FcFHqhQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 17:20 ` Andy Lutomirski
[not found] ` <CALCETrVH8KXr8uSHAVy5eBsqmi1LjB5QZpboAGcjYswXvW1opA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 17:36 ` Alexei Starovoitov
[not found] ` <CAMEtUuzey7PanznrAguOpvPLxyhgJB++ovE8RNys7srs=EY1qg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 18:50 ` Andy Lutomirski
[not found] ` <CALCETrVhjO5c7ob1vntx031c5RmxRHimkRt1F2EsmzdKB53_NA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 18:56 ` Alexei Starovoitov
[not found] ` <CAMEtUuzT53jeH-L+saW-RopSR2EERO5UKVHyeORTGHVMCHbYag-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 19:02 ` Andy Lutomirski
2014-08-15 19:16 ` Alexei Starovoitov
[not found] ` <CAMEtUuwF2_+qzkaW6rkw9cyYJ2eb01B_ZyBcwrJ7nd+GqN5-mQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 19:18 ` Andy Lutomirski
[not found] ` <CALCETrUqop+UB-BhyX4Y41kELO+6kcFdS1F7ZyN0CzRwg4UGhA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 19:35 ` Alexei Starovoitov
2014-08-19 18:39 ` Alexei Starovoitov
2014-08-15 17:25 ` Andy Lutomirski
[not found] ` <CALCETrV7vO6r--G2ns+A6qmDQYSzNXeemT=x41EF+XWmayM95g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 17:51 ` Alexei Starovoitov
[not found] ` <CAMEtUuzCyxdOo+yYYZfDPRAu2yeQOw8TbUABwU-HD0+78PnV7A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 18:53 ` Andy Lutomirski
2014-08-15 19:07 ` Alexei Starovoitov
2014-08-15 19:20 ` Andy Lutomirski
[not found] ` <CALCETrW4Yscrte9=_ks_1BhSE9FTe-KZTv_a=g5wrwKhKkiuow-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 19:29 ` Alexei Starovoitov [this message]
[not found] ` <CAMEtUuzDxzPHsch24U_NjX23r6BvmK9b723HHJeNwQOJeA8r1A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 19:32 ` Andy Lutomirski
2014-08-13 7:57 ` [PATCH RFC v4 net-next 18/26] tracing: allow eBPF programs to be attached to kprobe/kretprobe Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 19/26] samples: bpf: add mini eBPF library to manipulate maps and programs Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 20/26] samples: bpf: example of stateful socket filtering Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 21/26] samples: bpf: example of tracing filters with eBPF Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 24/26] samples: bpf: eBPF example in C Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 25/26] samples: bpf: counting " Alexei Starovoitov
2014-08-14 22:13 ` Brendan Gregg
[not found] ` <CAE40pdcdgRASVEWCrUjHUH3eHp2ohTrK27FCv=Ji62sKNcKggQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 6:19 ` Alexei Starovoitov
2014-08-13 7:57 ` [PATCH RFC v4 net-next 26/26] bpf: verifier test Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMEtUuzDxzPHsch24U_NjX23r6BvmK9b723HHJeNwQOJeA8r1A@mail.gmail.com \
--to=ast-uqk4ao+rvk5wk0htik3j/w@public.gmane.org \
--cc=a.p.zijlstra-/NLkJaSkS4VmR6Xm/wNWPw@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=chema-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=dborkman-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=rostedt-nx8X9YLhiw1AfugRpC6u6w@public.gmane.org \
--cc=torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).