by sanxiyn 2395 days ago
Generally agreed, but Linux BPF is considerably more powerful than traditional Unix BPF, so I wouldn't depend on "it has been around for a long time" for safety.

I would like to see some academic research on the Linux BPF verifier. If you are a graduate student working on formal methods looking for a topic, this is a hint.

1 comments

If someone has root, it's already game over. An attacker could just hook the syscalls directly, which would be more stealthy than using BPF programs.