Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
Date: Thu, 31 Oct 2024 09:10:53 -0700
Cc: Christoph Hellwig <hch@xxxxxxxxxxxxx>, Christian Brauner <brauner@xxxxxxxxxx>, Jan Kara <jack@xxxxxxx>, Song Liu <song@xxxxxxxxxx>, bpf <bpf@xxxxxxxxxxxxxxx>, Linux-Fsdevel <linux-fsdevel@xxxxxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Kernel Team <kernel-team@xxxxxxxx>, Andrii Nakryiko <andrii@xxxxxxxxxx>, Eduard Zingerman <eddyz87@xxxxxxxxx>, Alexei Starovoitov <ast@xxxxxxxxxx>, Daniel Borkmann <daniel@xxxxxxxxxxxxx>, Martin KaFai Lau <martin.lau@xxxxxxxxx>, Al Viro <viro@xxxxxxxxxxxxxxxxxx>, KP Singh <kpsingh@xxxxxxxxxx>, Matt Bobrowski <mattbobrowski@xxxxxxxxxx>
In-reply-to: <B6CD210E-96C6-4730-BD05-EC3A0C6905EB@fb.com>

On Thu, Oct 31, 2024 at 9:02 AM Song Liu <songliubraving@xxxxxxxx> wrote:
>
> >  Not sure how you want to best handle that.
>
>  We may also introduce other prefixes for future use cases.

bpf infra makes zero effort to prevent insecure/nonsensical bpf programs.
It's futile. Humans will always find ways to shoot themselves in the foot.
Before bpf-lsm existed people were selling "security" products
where _tracing_ bpf programs monitored syscall activity with kprobes
suffering all TOCTOU issues and signaling root user same daemon
via bpf maps/ring buffers to kill "bad" processes.
Such startups still exist. There is no technical solution
to human "ingenuity".

References:
- Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
  - From: Christoph Hellwig
- Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
  - From: Song Liu
- Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
  - From: Christoph Hellwig
- Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
  - From: Song Liu
- Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
  - From: Jan Kara
- Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
  - From: Christian Brauner
- Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
  - From: Christoph Hellwig
- Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
  - From: Christian Brauner
- Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
  - From: Christoph Hellwig
- Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
  - From: Song Liu
- Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
  - From: Christoph Hellwig
- Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
  - From: Song Liu

Prev by Date: Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
Next by Date: Re: [PATCH bpf v3] bpf, bpftool: Fix incorrect disasm pc
Previous by thread: Re: [PATCH bpf-next 2/2] selftests/bpf: Extend test fs_kfuncs to cover security.bpf xattr names
Next by thread: Re: [PATCH bpf-next 0/2] security.bpf xattr name prefix
Index(es):
- Date
- Thread

[Index of Archives] [Linux Samsung SoC] [Linux Rockchip SoC] [Linux Actions SoC] [Linux for Synopsys ARC Processors] [Linux NFS] [Linux NILFS] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]