Re: [PATCH net-next 1/2] bpf: enable non-root eBPF programs
From: Ingo Molnar
Date: Thu Oct 08 2015 - 02:22:05 EST
* Alexei Starovoitov <ast@xxxxxxxxxxxx> wrote:
> As far as sysctl we can look at two with similar purpose:
> sysctl_perf_event_paranoid and modules_disabled.
> First one is indeed multi level, but not because of the fear of bugs,
> but because of real security implications.
It serves both purposes flexibly, and note that most people and distros will use
the default value.
> [...] Like raw events on hyperthreaded cpu or uncore events can extract data
> from other user processes. So it controls these extra privileges.
It also controls the generally increased risk caused by a larger attack surface,
which some users may not want to carry and which they can thus shrink.
With a static keys approach there would be no runtime overhead worth speaking of,
so I see no reason why unprivileged eBPF couldn't have a sysctl too - with the
default value set to permissive.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/