• [$] No hardware memory isolation for BPF programs

    From LWN.net@86:200/23 to All on Thu Feb 26 06:40:08 2026


    On February 12, Yeoreum Yun posted a suggestion for an improvement to the
    security of the kernel's BPF implementation: use memory protection keys to
    prevent unauthorized access to memory by BPF programs. Yun wanted to put the
    topic on the list for discussion at the Linux Storage, Filesystem, Memory
    Management, and BPF Summit in May, but the lack of engagement makes that
    unlikely. They also have a patch set implementing some of the proposed
    changes, but have not yet shared it with the mailing list. Yun's proposal
    does not seem likely to be accepted in its current form, but the kernel has
    added hardware-based hardening options in the past, sometimes after
    substantial discussion.

    https://lwn.net/Articles/1059218/
    --- SBBSecho 3.34-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)