Loading BPF code from user space is, I hope, only possible with root access to the system.
That would mean that an attacker needs root access to exploit BPF, but if an attacker has root access what stops him/her to do anything they want? At this time the system is lost anyway.
Loading BPF code from user space is, I hope, only possible with root access to the system. That would mean that an attacker needs root access to exploit BPF, but if an attacker has root access what stops him/her to do anything they want? At this time the system is lost anyway.
Or am I missing anything?
If the executable binary has to be signed with a key, similar to the module signing key, Microsoft could sign their binaries
This, along with secureboot, would prevent the owner of the machine from running eBPF programs Microsoft doesn’t want you to run, even with root
Yeah, that’s why I am against Microsoft Keys on my systems
I fail to see the positive side of that…
Odds are because there isn’t one.
Abusers will always try to justify their abuse by saying their victims “don’t understand” why it’s “necessary.”
I wasn’t trying to give a positive side, I was just explaining why Microsoft wants the feature