On Fri, Jun 18, 2021 at 4:55 AM Lorenz Bauer <lmb@xxxxxxxxxxxxxx> wrote: > > On Fri, 18 Jun 2021 at 11:55, Maciej Żenczykowski > <zenczykowski@xxxxxxxxx> wrote: > > > > This reverts commit d37300ed182131f1757895a62e556332857417e5. > > > > This breaks Android userspace which expects to be able to > > fetch programs with just read permissions. > > Sorry about this! I'll defer to the maintainers what to do here. > Reverting leaves us with a gaping hole for access control of pinned > programs. Not sure what hole you're referring to. Could you provide more details/explanation? It seems perfectly reasonable to be able to get a program with just read privs. After all, you're not modifying it, just using it. AFAIK there is no way to modify a program after it was loaded, has this changed? if so, the checks should be on the modifications not the fd fetch. I guess one could argue fetching with write only privs doesn't make sense? Anyway... userspace is broken... so revert is the answer. In Android the process loading/pinning bpf maps/programs is a different process (the 'bpfloader') to the users (which are far less privileged)
