Closing the BPF Map Permission Loophole

Offered By: Linux Plumbers Conference via YouTube

Course Description

Overview

Explore a critical security issue in BPF map permissions discovered during the development of github.com/cloudflare/tubular. Learn how programs with CAP_BPF can bypass file permissions of BPF map file descriptors, making it impossible to enforce read-only access. Examine the interactions between permissions, map flags like BPF_F_RDONLY, and map freezing, and understand why current semantics fall short. Discover a proposed solution that modifies how the verifier tracks map value mutability. Recorded at the Linux Plumbers Conference 2022, this 32-minute talk by Lorenz Bauer delves into the intricacies of BPF security and offers insights into potential improvements for the Linux kernel.

Syllabus

Closing the BPF map permission loophole


Taught by

Linux Plumbers Conference
