Date: Wed, 11 Sep 2024 12:05:18 +0300
From: Vadim Goncharov
To: Philip Paeps
Cc: David Chisnall, Poul-Henning Kamp, freebsd-arch@FreeBSD.org, freebsd-hackers@FreeBSD.org, freebsd-net@FreeBSD.org, tech-net@NetBSD.org
Subject: Re: BPF64: proposal of platform-independent hardware-friendly backwards-compatible eBPF alternative
Message-ID: <20240911120518.1ba191b5@nuclight.lan>

On Wed, 11 Sep 2024 10:14:44 +0800
Philip Paeps wrote:

> On 2024-09-11 06:12:28 (+0800), Vadim Goncharov wrote:
> > David Chisnall wrote:
> >> BPF can be loaded only by root, who can also load kernel modules
> >> and map /dev/[k]mem, and FreeBSD does not protect the root <->
> >> kernel boundary.
> >
> > Wrong.
> > It is possible for decades to do `chmod a+r /dev/bpf*` and
> > run tcpdump as non-root, which will load BPF code into kernel. Is
> > *that* also a vulnerability, and if so, why it was never reported?
>
> This is equivalent to chmod a+w /dev/mem.
>
> Unwise configuration decisions are not vulnerabilities.

But then a possibility to give this to non-root is. And many things are
considered vulnerabilities even if they are only available to root - for
example, when root can be tricked into running malicious code etc.
(unconscious) actions without direct intention.

Equivalency of classic BPF to writable /dev/mem is too loud and
controversial a statement. Demonstrate how it can be done on stock
FreeBSD 13 with /dev/bpf available to attacker (e.g. `sudo tcpdump`
allowed).

-- 
WBR, @nuclight