by brendangregg
713 days ago
Right; disabling eBPF doesn't solve this. And the bigger point is that this kind of eBPF is still super-user only. Apart from the more exotic facilities, the critical facilities that would be hard to disable include LD_PRELOAD for interposers/shims (as you mentioned), and gdb for just setting breakpoints on crypto functions. And if neither of those existed, then I may have to edit openssl code and recompile my own edited version. And if that wasn't allowed (signed libraries) then maybe I'd edit the application code or binaries.

And modules can be compiled directly into a module-less kernel.