Closing the BPF Map Permission Loophole

Linux Plumbers Conference via YouTube

Overview

Explore a critical security issue in BPF map permissions discovered during the development of github.com/cloudflare/tubular. Learn how programs with CAP_BPF can bypass file permissions of BPF map file descriptors, making it impossible to enforce read-only access. Examine the interactions between permissions, map flags like BPF_F_RDONLY, and map freezing, and understand why current semantics fall short. Discover a proposed solution that modifies how the verifier tracks map value mutability. Recorded at the Linux Plumbers Conference 2022, this 32-minute talk by Lorenz Bauer delves into the intricacies of BPF security and offers insights into potential improvements for the Linux kernel.

Syllabus

Closing the BPF map permission loophole

Taught by

Linux Plumbers Conference
