tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: BPF64: proposal of platform-independent hardware-friendly backwards-compatible eBPF alternative



On 2024-09-11 06:12:28 (+0800), Vadim Goncharov wrote:
> David Chisnall <theraven%FreeBSD.org@localhost> wrote:
>> BPF can be loaded only by root, who can also load kernel modules and
>> map /dev/[k]mem, and FreeBSD does not protect the root <-> kernel
>> boundary.
>
> Wrong. It is possible for decades to do `chmod a+r /dev/bpf*` and run
> tcpdump as non-root, which will load BPF code into kernel. Is *that*
> also a vulnerability, and if so, why it was never reported?

This is equivalent to chmod a+w /dev/mem.

Unwise configuration decisions are not vulnerabilities.

Philip


Home | Main Index | Thread Index | Old Index