Sep 12 – 14, 2022
Europe/Dublin timezone

Closing the BPF map permission loophole

Sep 14, 2022, 11:00 AM
30m
"Meeting 9" (Clayton Hotel on Burlington Road)

"Meeting 9"

Clayton Hotel on Burlington Road

42
eBPF & Networking Track eBPF & Networking

Speaker

Lorenz Bauer

Description

While working on github.com/cloudflare/tubular we discovered that it’s possible for a program with CAP_BPF to circumvent file permissions of BPF map fds, effectively making it impossible to enforce read-only access. In our case, a process exporting metrics from maps can’t be prevented from also being able to modify those maps.
I will outline how permissions, map flags like BPF_F_RDONLY and map freezing interact and explain how current semantics fall short. I’ll also propose a possible solution which changes how the verifier tracks the mutability of map values.

I agree to abide by the anti-harassment policy Yes

Primary author

Lorenz Bauer

Presentation materials