Re: [PATCH 1/6] ebpf: add a seccomp program type

From: Daniel Borkmann
Date: Wed Sep 09 2015 - 12:14:10 EST

Next message: Joe Perches: "Re: [PATCH 1/4] stmmac: replace all pr_xxx by their dev_xxx counterpart"
Previous message: Vlastimil Babka: "Re: [PATCH 0/2] btrfs: fortification for GFP_NOFS allocations"
In reply to: Daniel Borkmann: "Re: [PATCH 1/6] ebpf: add a seccomp program type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 09/04/2015 11:50 PM, Andy Lutomirski wrote:

On Fri, Sep 4, 2015 at 9:04 AM, Tycho Andersen

[...]

+static const struct bpf_func_proto *
+seccomp_func_proto(enum bpf_func_id func_id)
+{
+ /* Right now seccomp eBPF loading doesn't support maps; seccomp filters
+ * are considered to be read-only after they're installed, so map fds
+ * probably need to be invalidated when a seccomp filter with maps is
+ * installed.
+ *
+ * The rest of these might be reasonable to call from seccomp, so we
+ * export them.
+ */
+ switch (func_id) {
+ case BPF_FUNC_ktime_get_ns:
+ return &bpf_ktime_get_ns_proto;
+ case BPF_FUNC_trace_printk:
+ return bpf_get_trace_printk_proto();
+ case BPF_FUNC_get_prandom_u32:
+ return &bpf_get_prandom_u32_proto;

I don't think we should expose prandom to unprivileged userspace.
This may be an attack vector.

Agreed, it should not be exposed for unpriv'ed users.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Joe Perches: "Re: [PATCH 1/4] stmmac: replace all pr_xxx by their dev_xxx counterpart"
Previous message: Vlastimil Babka: "Re: [PATCH 0/2] btrfs: fortification for GFP_NOFS allocations"
In reply to: Daniel Borkmann: "Re: [PATCH 1/6] ebpf: add a seccomp program type"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]