+ bpf@xxxxxxxxxxxxxxx

On Wed, Oct 28, 2020 at 1:40 PM Dan Aloni <dan@xxxxxxxxxxxx> wrote:
>
> Commit 341dfcf8d78e ("btf: expose BTF info through sysfs") added a sysfs
> file that exposes to userspace kernel BTF information which allows
> userspace to deduce the structure layout of all kernel internal
> structures.
>
> This file is currently accessible to unprivileged users, without
> requiring any special capability. Given that knowledge on kernel
> structure layout is useful for dynamically building local privilege
> escalation exploit in userspace, access to this file should be
> restricted.

So is /proc/config.gz, which is also very helpful in understanding what exactly is there in the kernel. So seems to be /boot/vmlinux-$(uname -r), which has exactly the same BTF data and more. Guarding /sys/kernel/bpf/vmlinux behind CAP_PERFMON would break a lot of users relying on BTF availability to build their BPF applications. We shouldn't expect developers to build their applications under root. But that's what this patch is trying to do.

>
> Fixes: 341dfcf8d78e ("btf: expose BTF info through sysfs")
> Co-developed-by: Liran Alon <liran@xxxxxxxxxx>
> Signed-off-by: Liran Alon <liran@xxxxxxxxxx>
> Signed-off-by: Dan Aloni <dan@xxxxxxxxxxxx>
> ---
> kernel/bpf/sysfs_btf.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/kernel/bpf/sysfs_btf.c b/kernel/bpf/sysfs_btf.c > index 11b3380887fa..c985d42dfa49 100644 > --- a/kernel/bpf/sysfs_btf.c > +++ b/kernel/bpf/sysfs_btf.c > @@ -7,6 +7,7 @@ > #include <linux/kobject.h> > #include <linux/init.h> > #include <linux/sysfs.h> > +#include <linux/capability.h> > > /* See scripts/link-vmlinux.sh, gen_btf() func for details */ > extern char __weak __start_BTF[]; 
> @@ -17,6 +18,9 @@ btf_vmlinux_read(struct file *file, struct kobject *kobj, > struct bin_attribute *bin_attr, > char *buf, loff_t off, size_t len) > { > + if (!perfmon_capable()) > + return -EACCES; > + > memcpy(buf, __start_BTF + off, len); > return len; > } > -- > 2.26.2 >
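
Review bot: in the second hunk the perfmon_capable() test is placed inside btf_vmlinux_read(), so it is evaluated on every read against the task that calls read(), not against the task that opened the file. With only these four insertions the file still opens for any user and the denial shows up later, at read time, and a descriptor opened by a privileged task and handed to an unprivileged one is refused as well. If the restriction is wanted, check the opener's credentials (file->f_cred) or enforce it at open time, and consider returning -EPERM, the usual errno for a missing capability, instead of -EACCES. The added check also carries no comment saying why reading BTF should require CAP_PERFMON.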