Announcement

**skeevy420** · 13 August 2021, 08:15 AM

Originally posted by onlyLinuxLuvUBack View Post

Can you imagine sitting at the linux "Foundation" meeting:

Microsoft: Ok guys you know if they run linux we can't control them,
we can't bend them over and mine their data.

Crowd(Google etc): No... no... why ?
Microsoft: Silence. I have a plan, we all joined this foundation
so we could corrupt linux and be able to control it, no ?
If the linux "Foundation" changes linux then who would stop us ?

CCP: Son, we have our own list of patches that you must apply and
if you don't apply them then no business in our country for you.

More like

Microsoft: .....

Google: We have Linux powered blackboxes in everyone's pocket.

Microsoft: Fuck me, we need to figure this Linux shit out.

CCP: Very impressive.

**Delgarde** · 13 August 2021, 08:52 AM

Originally posted by skeevy420 View Post

I feel like I could replace eBPF up there with anything else and it would still work because that's just a bunch of buzzwords in the form of a paragraph.

Yeah, that was my reaction too... the website says an awful lot without actually saying anything. A-grade technobabble, so while there might be something of value, it's very well hidden.

**juarezr** · 13 August 2021, 09:28 AM

Originally posted by partcyborg View Post

ITT a bunch of people with obviously zero idea how ebpf in Linux works make up a bunch of nonsense "theories" about as accurate as "hacking" on television.

Originally posted by timofonic View Post

Meanwhile, eBPF experts fail to explain to stupid wannabees like me about how this can't go wrong. I just read tons of buzzwords and promises everywhere.

If certain people think paranoids like me are wrong, please provide strong arguments.

Meanwhile, I find eBPF information about it's potential cross-platform rootkit possibilities.

https://www.crowdstrike.com/blog/ana...-of-ebpf-maps/

https://blog.aquasec.com/ebpf-vulner...s-the-backdoor

LKML: Alexei Starovoitov: Re: [RFC PATCH] asm/generic: introduce if_nospec and nospec_barrier

https://lkml.org/lkml/2018/1/3/895

Privilege escalation via eBPF in Linux 4.9 and beyond [LWN.net]

https://lwn.net/Articles/742170/

OffSec’s Exploit Database Archive

https://www.exploit-db.com/exploits/42048

Linux Kernel 4.11 - eBPF Verifier Log Leaks Lower Half of map Pointer. CVE-2017-9150 . dos exploit for Linux platform

Please prove me and others are wrong!

I'm wondering that eBPF is just one in the whole list of possible ways of compromising a Linux system.

It would be interesting, if anyone here, could explain if it could be handled well by competently designed security procedures as it should/must be, or it has anything else that could slip as opposed to other solutions.

**cjcox** · 13 August 2021, 10:31 AM

Originally posted by mdedetrich View Post

Enqueue the Microsoft hatred

Did you see the rest of the list though? Forget the new Spider-Man movie, the Sinister Six has been formed!

eBPF might be great, but the companies behind this foundation aren't know for their "goodness".

**onlyLinuxLuvUBack** · 13 August 2021, 02:13 PM

Originally posted by jacob View Post

Phoronix readers: Hey guys, you know the latest conspiracy theory. They are out to get us. No passaran, prepare your tinfoil hats! Them evil companie$ shall not make my irrelevant toy OS into something usable in the real world! Them won't submit a single line of codez into the system I use to run Xlogo! Not a single bit in my systemz will come from Micro$oft or Google and of course when I need to get something real done, I'll use Winblob$ or Mac because my uber anti kapitalist Linux can't do it.

Right?

He needed linux to provide hardware access to new windows because win-DONT: https://www.youtube.com/watch?v=v-FrcSWKza8
can't win if it don't work.

**sheldonl** · 13 August 2021, 03:12 PM

I was also somewhat skeptical of why this all needs to run in user space - and I still kind of am. I think that they could have put the work into exporting more to user space and keep this out of the kernel, but I'm sure there would be major performance issues and even more security issues by doing so. Then I did find a decent looking use case for this: https://goteleport.com/

I also have enough faith in Linus Torvalds to be pretty sure he wouldn't let complete and utter nonsense into the kernel.

**CochainComplex** · 13 August 2021, 03:40 PM

my guts tells me this is just away to sneak around Linux Ecosystem but still having a Linux kernel. Able to do kernel stuff without the opensource Linux Kernel approving process.

**Alex/AT** · 14 August 2021, 02:10 AM

This feature now requires just one thing it does not have: the killswitch. To disable it completely, both at boot time or runtime.

**Jakobson** · 15 August 2021, 03:29 AM

Originally posted by Alex/AT View Post

This feature now requires just one thing it does not have: the killswitch. To disable it completely, both at boot time or runtime.

It has been all the time a kernel config flag. You can built-in or not to compile BPF/eBPF.

**Alex/AT** · 15 August 2021, 03:35 AM

Originally posted by Jakobson View Post

It has been all the time a kernel config flag. You can built-in or not to compile BPF/eBPF.

Okay. Can you change kernel config flag at boot time and/or runtime?

Announcement

Microsoft & Others Form The eBPF Foundation

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment