
Closing the BPF map permission loophole


“Linux Plumbers Conference”

While working on github.com/cloudflare/tubular we discovered that it’s possible for a program with CAP_BPF to circumvent file permissions of BPF map fds, effectively making it impossible to enforce read-only access. In our case, a process exporting metrics from maps can’t be prevented from…
