Re: [PATCH bpf] bpf: link: refuse non-zero file_flags in BPF_OBJ_GET

2021-03-26 Thread Lorenz Bauer
On Fri, 26 Mar 2021 at 04:43, Andrii Nakryiko wrote:
>
> Makes sense, but see below about details.
>
> Also, should we do the same for BPF programs as well? I guess they
> don't have a "write operation", once loaded, but still...

I asked myself the same question, I don't have a good answer. Right

Re: [PATCH bpf] bpf: link: refuse non-zero file_flags in BPF_OBJ_GET

2021-03-25 Thread Andrii Nakryiko
On Thu, Mar 25, 2021 at 8:22 AM Lorenz Bauer wrote:
>
> Invoking BPF_OBJ_GET on a pinned bpf_link checks the path access
> permissions based on file_flags, but the returned fd ignores flags.
> This means that any user can acquire a "read-write" fd for a pinned
> link with mode 0664 by invoking BPF