Closing the BPF map permission loophole
“Linux Plumbers Conference”
While working on github.com/cloudflare/tubular we discovered that it’s possible for a program with CAP_BPF to circumvent file permissions of BPF map fds, effectively making it impossible to enforce read-only access. In our case, a process exporting metrics from maps can’t be prevented from…