Re: [PATCH bpf-next 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-16 Thread Alexei Starovoitov
On Mon, Nov 16, 2020 at 2:48 PM KP Singh wrote: > > [...] > > > > > > > +BPF_CALL_2(bpf_lsm_set_bprm_opts, struct linux_binprm *, bprm, u64, > > > flags) > > > +{ > > > > This should also reject invalid flags. I'd rather change this helper from > > RET_VOID > > to RET_INTEGER and throw -EINVAL

Re: [PATCH bpf-next 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-16 Thread KP Singh
On Mon, Nov 16, 2020 at 11:48 PM KP Singh wrote: > > [...] > > > > > > > +BPF_CALL_2(bpf_lsm_set_bprm_opts, struct linux_binprm *, bprm, u64, > > > flags) > > > +{ > > > > This should also reject invalid flags. I'd rather change this helper from > > RET_VOID > > to RET_INTEGER and throw -EINVAL

Re: [PATCH bpf-next 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-16 Thread KP Singh
[...] > > > > +BPF_CALL_2(bpf_lsm_set_bprm_opts, struct linux_binprm *, bprm, u64, flags) > > +{ > > This should also reject invalid flags. I'd rather change this helper from > RET_VOID > to RET_INTEGER and throw -EINVAL for everything other than > BPF_LSM_F_BPRM_SECUREEXEC > passed in here

Re: [PATCH bpf-next 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-16 Thread Daniel Borkmann
On 11/16/20 3:01 PM, KP Singh wrote:

From: KP Singh

The helper allows modification of certain bits on the linux_binprm struct starting with the secureexec bit which can be updated using the BPF_LSM_F_BPRM_SECUREEXEC flag. secureexec can be set by the LSM for privilege gaining executions to

[PATCH bpf-next 1/2] bpf: Add bpf_lsm_set_bprm_opts helper

2020-11-16 Thread KP Singh
From: KP Singh

The helper allows modification of certain bits on the linux_binprm struct starting with the secureexec bit which can be updated using the BPF_LSM_F_BPRM_SECUREEXEC flag. secureexec can be set by the LSM for privilege gaining executions to set the AT_SECURE auxv for glibc. When