Overview
Explore a critical security issue in BPF map permissions discovered during the development of github.com/cloudflare/tubular. Learn how programs with CAP_BPF can bypass file permissions of BPF map file descriptors, making it impossible to enforce read-only access. Examine the interactions between permissions, map flags like BPF_F_RDONLY, and map freezing, and understand why current semantics fall short. Discover a proposed solution that modifies how the verifier tracks map value mutability. Recorded at the Linux Plumbers Conference 2022, this 32-minute talk by Lorenz Bauer delves into the intricacies of BPF security and offers insights into potential improvements for the Linux kernel.
Syllabus
Closing the BPF map permission loophole
Taught by
Linux Plumbers Conference