Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module
The text discusses Linux Security Modules (LSM) and how they can be used to implement security policies in the Linux kernel. It introduces LSM BPF, a new way of implementing granular security policies without configuration changes or loading a kernel module. The author then presents a real-world problem involving the unshare syscall and privilege escalation, and demonstrates how LSM BPF can be used to solve it by tracking down the appropriate hook candidate and writing an LSM BPF program. Finally, the text discusses the performance impact of the solution and proposes a patch for propagating error codes from the cred_prepare hook up the call stack.
Company: Cloudflare
Date published: June 29, 2022
Author(s): Frederick Lawler
Word count: 1957
Language: English
Hacker News points: 9