Hi, > On 12. Feb 2024, at 19:15, Marius Schwarz <fedoradev@xxxxxxxxxxxx> wrote: > > In a german developer blog article was the topic raised, that with uprobes enabled, userland apps can i.e. circumvent tls security(and other protections), > by telling the kernel to probe the function calls with the uprobes api. As this enables i.e. the hosting system of a vm or container, to track activity inside the container, trust is lost i.e. from customer to hoster. To be fair, you need to be root on the host to do this, but as it "wasn't possible before", and it is "now" ( out in a greater public ), it tends to create trust issues, just for being there*. How was this not possible before? If I’m root on the host, I could always start a gdb and attach it to a process running in a container. I could also always have replaced a file in the container (e.g., the libssl.so library with an instrumented one that just writes the TLS communication in clear text into a pipe). On a kernel with /dev/mem, the host could probably have located the encryption keys directly in memory, too. It really sounds to me like the incorrect assumption here is that the host was not already able to do these things. If you don’t trust your host, look into confidential computing and confidential containers. Those also don’t solve every single problem, but they get you closer. -- Clemens Lang RHEL Crypto Team Red Hat -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
