On 28/10/2020 23:56, Andrii Nakryiko wrote:
> + bpf@xxxxxxxxxxxxxxx

You shouldn't Cc public email lists for a patch submitted to
security@xxxxxxxxxx.

> On Wed, Oct 28, 2020 at 1:40 PM Dan Aloni <dan@xxxxxxxxxxxx> wrote:
>> Commit 341dfcf8d78e ("btf: expose BTF info through sysfs") added a sysfs
>> file that exposes to userspace kernel BTF information which allows
>> userspace to deduce the structure layout of all kernel internal
>> structures.
>>
>> This file is currently accessible to unprivileged users, without
>> requiring any special capability. Given that knowledge of kernel
>> structure layout is useful for dynamically building a local privilege
>> escalation exploit in userspace, access to this file should be
>> restricted.
>
> So is /proc/config.gz, which is also very helpful in understanding
> what exactly is there in the kernel.

Viewing the kernel build config is more like querying supported kernel
features. I don't consider it as meaningful an information disclosure as
I see disclosing the kernel internal struct layout to be.

> So seems to be /boot/vmlinux-$(uname -r), which has exactly the same
> BTF data and more.

I agree. True. Good enough argument for dropping this patch.

> Guarding /sys/kernel/bpf/vmlinux behind CAP_PERFMON would break a lot
> of users relying on BTF availability to build their BPF applications.

True. If this patch is applied, it would need to at least be behind an
opt-in knob, similar to dmesg_restrict.
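Added example, not from the thread and not kernel or libbpf code: a small Python reader that walks a raw BTF blob (the format served by /sys/kernel/btf/vmlinux on current kernels, and carried in the .BTF section of vmlinux) and prints the byte offset and type of every member of a named struct. It shows concretely what the commit message above means by "deduce the structure layout": the header, type table and string table are enough to rebuild struct layouts with no symbols or debuginfo. Only INT, PTR, STRUCT/UNION and the C qualifiers are interpreted; every other kind is skipped by size so a real vmlinux BTF parses cleanly. The function names (parse_btf, type_name, struct_layout, sample_blob) and the hand-built sample blob describing `struct foo { int a; int *b; }` are constructed for this example.

```python
"""Recover struct layouts from a raw BTF blob (added example, not kernel code).

Run with no arguments to parse the constructed sample blob, or as
    python3 btf_layout.py /sys/kernel/btf/vmlinux task_struct
to list the members of a real kernel struct on a BTF-enabled kernel.
"""
import struct
import sys

BTF_MAGIC = 0xEB9F
# Kind numbers as defined in include/uapi/linux/btf.h
K_INT, K_PTR, K_ARRAY, K_STRUCT, K_UNION, K_ENUM, K_FWD, K_TYPEDEF = range(1, 9)
K_VOLATILE, K_CONST, K_RESTRICT, K_FUNC, K_FUNC_PROTO, K_VAR, K_DATASEC = range(9, 16)
K_FLOAT, K_DECL_TAG, K_TYPE_TAG, K_ENUM64 = range(16, 20)


def _extra_len(kind, vlen):
    """Bytes that follow the fixed 12-byte btf_type for each kind."""
    fixed = {K_INT: 4, K_ARRAY: 12, K_VAR: 4, K_DECL_TAG: 4}
    per_elem = {K_STRUCT: 12, K_UNION: 12, K_ENUM: 8, K_FUNC_PROTO: 8,
                K_DATASEC: 12, K_ENUM64: 12}
    return fixed.get(kind, 0) + per_elem.get(kind, 0) * vlen


def _cstr(strtab, off):
    return strtab[off:strtab.index(b"\0", off)].decode()


def parse_btf(blob):
    """Return {type_id: {...}} for every type in the blob; ids start at 1.

    btf_header: u16 magic, u8 version, u8 flags, u32 hdr_len, u32 type_off,
    u32 type_len, u32 str_off, u32 str_len. Section offsets are relative
    to the end of the header.
    """
    magic, _ver, _flags, hdr_len, type_off, type_len, str_off, str_len = \
        struct.unpack_from("<HBBIIIII", blob, 0)
    if magic != BTF_MAGIC:
        raise ValueError("bad BTF magic 0x%04x" % magic)
    tsec = blob[hdr_len + type_off:hdr_len + type_off + type_len]
    strtab = blob[hdr_len + str_off:hdr_len + str_off + str_len]
    types, pos, tid = {}, 0, 1
    while pos + 12 <= len(tsec):
        name_off, info, size_or_type = struct.unpack_from("<III", tsec, pos)
        kind, vlen, kflag = (info >> 24) & 0x1F, info & 0xFFFF, info >> 31
        if kind == 0 or kind > K_ENUM64:
            raise ValueError("unknown BTF kind %d at type id %d" % (kind, tid))
        t = {"kind": kind, "name": _cstr(strtab, name_off),
             "size": size_or_type, "type": size_or_type, "members": []}
        if kind in (K_STRUCT, K_UNION):
            for i in range(vlen):
                m_name, m_type, m_off = struct.unpack_from("<III", tsec, pos + 12 + 12 * i)
                # With kind_flag set, the low 24 bits are the bit offset and
                # the high 8 bits the bitfield size; otherwise m_off is the bit offset.
                bit_off = (m_off & 0xFFFFFF) if kflag else m_off
                t["members"].append((_cstr(strtab, m_name), m_type, bit_off))
        pos += 12 + _extra_len(kind, vlen)
        types[tid] = t
        tid += 1
    return types


def type_name(types, tid):
    """Render a C-ish type name; only pointers and qualifiers are expanded."""
    if tid == 0:
        return "void"
    t = types[tid]
    if t["kind"] == K_PTR:
        return type_name(types, t["type"]) + " *"
    if t["kind"] in (K_CONST, K_VOLATILE, K_RESTRICT):
        prefix = {K_CONST: "const ", K_VOLATILE: "volatile ", K_RESTRICT: "restrict "}
        return prefix[t["kind"]] + type_name(types, t["type"])
    if t["kind"] == K_STRUCT:
        return "struct " + (t["name"] or "<anon>")
    if t["kind"] == K_UNION:
        return "union " + (t["name"] or "<anon>")
    return t["name"] or "<anon>"


def struct_layout(types, name):
    """(member, type name, byte offset) for each member of the named struct."""
    for t in types.values():
        if t["kind"] == K_STRUCT and t["name"] == name:
            return [(m, type_name(types, mt), off // 8) for m, mt, off in t["members"]]
    raise KeyError("struct %s not found in BTF" % name)


def sample_blob():
    """Constructed BTF for: struct foo { int a; int *b; } (16 bytes on LP64)."""
    strtab = b"\0int\0foo\0a\0b\0"  # string offsets: int=1 foo=5 a=9 b=11
    types = struct.pack("<III", 1, K_INT << 24, 4) + struct.pack("<I", (1 << 24) | 32)
    types += struct.pack("<III", 0, K_PTR << 24, 1)            # id 2: int *
    types += struct.pack("<III", 5, (K_STRUCT << 24) | 2, 16)  # id 3: struct foo, 2 members
    types += struct.pack("<III", 9, 1, 0) + struct.pack("<III", 11, 2, 64)
    hdr = struct.pack("<HBBIIIII", BTF_MAGIC, 1, 0, 24, 0, len(types), len(types), len(strtab))
    return hdr + types + strtab


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_blob()
    target = sys.argv[2] if len(sys.argv) > 2 else "foo"
    for member, tname, off in struct_layout(parse_btf(data), target):
        print("%6d  %-32s %s" % (off, tname, member))
```

On the sample blob this prints `a` at offset 0 and `b` (an `int *`) at offset 8. Pointed at /sys/kernel/btf/vmlinux it does the same for any kernel struct, which is the whole of what the patch tried to gate, and exactly what an unprivileged reader of the shipped vmlinux image gets anyway.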