On Wed, Jul 23, 2014 at 4:46 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>>
>> eBPF programs can call in-kernel helper functions to:
>> - lookup/update/delete elements in maps
>> - memcmp
>> - trace_printk
>> - load_pointer
>> - dump_stack
>
> Ah, this must be the pointer leaking you mentioned. :)
>
> Can the existing tracing mechanisms already expose kernel addresses? I
> suspect "yes". So I guess existing limitations on tracing exposure
> should already cover access control here? (I'm trying to figure out if
> a separate CONFIG is needed -- I don't think so: nothing "new" is
> exposed via eBPF, is that right?)

Correct. Through debugfs/tracing the whole kernel is already exposed.
The idea of eBPF for tracing is to give kernel developers and performance
engineers a tool to analyze what the kernel is doing by writing programs
in C and attaching them to kprobe/tracepoint events, so it's definitely
for root only.

--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
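The exchange above turns on whether kernel addresses are already visible to whoever can use the tracing interfaces. The script below is an added example, not code from this thread or from the eBPF patch series; it checks that premise on a host by parsing /proc/kallsyms (the same symbol-and-address view tracing users work from) and reporting whether the addresses are real or masked to zero, alongside the kernel.kptr_restrict setting that controls the masking. The /proc paths are Linux-specific; the embedded sample lines are constructed for offline runs and are not taken from any real system.

```python
"""Audit whether kernel symbol addresses are exposed to the current user.

Added example for the linux-api thread on eBPF tracing helpers. It does not
use eBPF itself; it checks the pre-existing exposure the reply refers to.
Assumptions: Linux /proc layout; sample data below is constructed.
"""
import os
import re

KALLSYMS = "/proc/kallsyms"
KPTR_RESTRICT = "/proc/sys/kernel/kptr_restrict"

# Constructed sample in /proc/kallsyms format: "<addr> <type> <name> [module]".
# Addresses are made up; they are not real kernel layout.
SAMPLE_UNMASKED = """\
ffffffff81000000 T _stext
ffffffff810001a0 t do_one_initcall
ffffffff81c5e4e0 D bpf_verifier_ops
ffffffffc0a1e000 t my_probe_fn\t[my_mod]
"""

# What an unprivileged reader sees when kptr_restrict masks %pK pointers.
SAMPLE_MASKED = """\
0000000000000000 T _stext
0000000000000000 t do_one_initcall
0000000000000000 D bpf_verifier_ops
"""

LINE_RE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)(?:\s+\[(\S+)\])?$")


def parse_kallsyms(text):
    """Return a list of (address, type, name, module) tuples; module is None
    for built-in symbols. Lines that do not match the format are skipped."""
    syms = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        addr, typ, name, mod = m.groups()
        syms.append((int(addr, 16), typ, name, mod))
    return syms


def addresses_exposed(syms):
    """True if any symbol carries a real (non-zero) address, i.e. the reader
    can learn kernel text/data locations from this view."""
    return any(addr != 0 for addr, _, _, _ in syms)


def describe_kptr_restrict(value):
    """Meaning of kernel.kptr_restrict as documented in
    Documentation/admin-guide/sysctl/kernel.rst."""
    table = {
        0: "unrestricted: %pK pointers are printed as-is",
        1: "%pK pointers read as 0 unless the reader has CAP_SYSLOG "
           "and its effective ids equal its real ids",
        2: "%pK pointers read as 0 for everyone, root included",
    }
    return table.get(value, "unknown value %r" % (value,))


def audit(kallsyms_text, kptr_restrict):
    """Combine the two observations into one report dict."""
    syms = parse_kallsyms(kallsyms_text)
    return {
        "symbols": len(syms),
        "addresses_exposed": addresses_exposed(syms),
        "kptr_restrict": describe_kptr_restrict(kptr_restrict),
    }


def read_or_sample():
    """Read the live files on Linux; fall back to the constructed sample
    (labelled as such in the report) when they are not available."""
    try:
        with open(KALLSYMS) as f:
            text = f.read()
        with open(KPTR_RESTRICT) as f:
            val = int(f.read().strip())
        return text, val, "live"
    except (OSError, ValueError):
        return SAMPLE_UNMASKED, 0, "constructed sample"


if __name__ == "__main__":
    text, val, origin = read_or_sample()
    rep = audit(text, val)
    uid = os.getuid() if hasattr(os, "getuid") else -1
    print("source=%s uid=%d symbols=%d addresses_exposed=%s"
          % (origin, uid, rep["symbols"], rep["addresses_exposed"]))
    print("kptr_restrict: %s" % rep["kptr_restrict"])
```

Run it once as an unprivileged user and once as root: on a default kernel.kptr_restrict=1 system the first run reports masked addresses and the second reports real ones, which is the "already exposed, root only" situation the reply describes. Whether a given eBPF helper adds anything new is then a question of whether a non-root user can reach it at all, not of what the helper returns.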