www.infradead.org Git - users/dwmw2/linux.git/commit

author	Daniel Borkmann <daniel@iogearbox.net>
	Fri, 16 Aug 2019 22:05:20 +0000 (23:05 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 25 Aug 2019 08:50:03 +0000 (10:50 +0200)
commit	b3c69acfc7cea96c68b9af8af9ff13415839bbec
tree	2afd06854a5af689335fdac05acd83da3a0f0fcf	tree
parent	234646dcfc5f531c74ab20595e89eacd62e3611f	commit \| diff

bpf: restrict access to core bpf sysctls

commit 2e4a30983b0f9b19b59e38bbf7427d7fdd480d98 upstream.

Given BPF reaches far beyond just networking these days, it was
never intended to allow setting and in some cases reading those
knobs out of a user namespace root running without CAP_SYS_ADMIN,
thus tighten such access.

Also the bpf_jit_enable = 2 debugging mode should only be allowed
if kptr_restrict is not set since it otherwise can leak addresses
to the kernel log. Dump a note to the kernel log that this is for
debugging JITs only when enabled.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
[bwh: Backported to 4.14: We don't have bpf_dump_raw_ok(), so drop the
condition based on it. This condition only made it a bit harder for a
privileged user to do something silly.]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>