Unprivileged BPF and authoritative security hooks

Posted Apr 28, 2023 2:09 UTC (Fri) by geofft (subscriber, #59789)
In reply to: Unprivileged BPF and authoritative security hooks by developer122
Parent article: Unprivileged BPF and authoritative security hooks

Android uses user IDs to great effect to sandbox applications from each other, even though Android is almost always used as a single-user OS. (On the other hand, iOS runs everything as a single user and has a separate kernel sandboxing thing, kind of like a mix between seccomp and LSMs. Both approaches have had bugs but have basically been sound designs overall, so maybe this is an argument that single-user machines don't really need UIDs.)

I'm not sure if this is what was meant, but I can see the argument that Linux is a single-person OS and powerful features like BPF should be controlled and assigned to UIDs by a single person.



Unprivileged BPF and authoritative security hooks

Posted Apr 28, 2023 3:21 UTC (Fri) by raven667 (subscriber, #5198) [Link] (2 responses)

> can see the argument that Linux is a single-person OS

Sure, most Linux systems are owner-operated, but as soon as you accept a use case where this isn't true, then you end up needing all the complexity and policy for multi-user systems, so you might as well plan for that from the start.

Unprivileged BPF and authoritative security hooks

Posted Apr 29, 2023 6:36 UTC (Sat) by developer122 (guest, #152928) [Link] (1 responses)

I wonder if the entire concept of user IDs, filesystem permissions, etc. could be exported into one or more LSMs.

Unprivileged BPF and authoritative security hooks

Posted May 3, 2023 10:36 UTC (Wed) by smurf (subscriber, #17840) [Link]

No reason it can't be AFAIK.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds