Closing the BPF Map Permission Loophole

Explore a critical security issue in BPF map permissions discovered during the development of github.com/cloudflare/tubular. Learn how programs with CAP_BPF can bypass file permissions of BPF map file descriptors, making it impossible to enforce read-only access. Examine the interactions between permissions, map flags like BPF_F_RDONLY, and map freezing, and understand why current semantics fall short. Discover a proposed solution that modifies how the verifier tracks map value mutability. Recorded at the Linux Plumbers Conference 2022, this 32-minute talk by Lorenz Bauer delves into the intricacies of BPF security and offers insights into potential improvements for the Linux kernel.