Continued with offensive capabilities, incorporated security features and started with tracing program features

2025-12-25 10:53:09 +08:00 · 2022-06-02 19:00:10 -04:00
parent 5d5aafb46d
commit 2c3648a18a
16 changed files with 882 additions and 203 deletions
--- a/docs/bibliography/bibliography.bib
+++ b/docs/bibliography/bibliography.bib
@@ -249,7 +249,7 @@
@online{ebpf_bounded_loops,
 	title={Bounded loops in BPF for the 5.3 kernel},
 	url={https://lwn.net/Articles/794934/},
-	date={2019-06-31},
+	date={2019-06-30},
 	author={Marta Rybczynska}
 },

@@ -351,6 +351,69 @@
 	url={https://facebookmicrosites.github.io/bpf/blog/2020/02/19/bpf-portability-and-co-re.html},
 	author={Andrii Nakryiko},
 	date={2020-02-19}
+},
+
+@manual{ebpf_kernel_flags,
+	title={Installing BCC: Kernel Configuration},
+	url={https://github.com/iovisor/bcc/blob/master/INSTALL.md}
+},
+
+@manual{ubuntu_caps,
+	title={capabilities - overview of Linux capabilities},
+	url={http://manpages.ubuntu.com/manpages/trusty/man7/capabilities.7.html}
+},
+
+@proceedings{evil_ebpf_p9,
+	institution = {NCC Group},
+	author = {Jeff Dileo},
+	organization= {DEFCON 27},
+	eventtitle = {Evil eBPF Practical Abuses of an In-Kernel Bytecode Runtime},
+	url = {https://raw.githubusercontent.com/nccgroup/ebpf/master/talks/Evil_eBPF-DC27-v2.pdf},
+	pages={9}
+},
+
+@online{ebpf_caps_intro,
+	title={[PATCH v7 bpf-next 1/3] bpf, capability: Introduce CAP\_BPF},
+	url={https://lore.kernel.org/bpf/20200513230355.7858-2-alexei.starovoitov@gmail.com/}
+},
+
+@online{ebpf_caps_lwn,
+	title={capability: introduce CAP\_BPF and CAP\_TRACING},
+	url={https://lwn.net/Articles/797807/}
+},
+
+@online{unprivileged_ebpf,
+	title={Reconsidering unprivileged BPF},
+	url={https://lwn.net/Articles/796328/}
+},
+
+@online{cve_unpriv_ebpf,
+	title={CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability},
+	url={https://www.openwall.com/lists/oss-security/2022/01/11/4}
+},
+
+@online{unpriv_ebpf_ubuntu,
+	title={Unprivileged eBPF disabled by default for Ubuntu 20.04 LTS, 18.04 LTS, 16.04 ESM},
+	url={https://discourse.ubuntu.com/t/unprivileged-ebpf-disabled-by-default-for-ubuntu-20-04-lts-18-04-lts-16-04-esm/27047}
+},
+
+@online{unpriv_ebpf_redhat,
+	title={CVE-2022-0002},
+	url={https://access.redhat.com/security/cve/cve-2021-4001}
+},
+
+@online{unpriv_ebpf_suse,
+	title={Security Hardening: Use of eBPF by unprivileged users has been disabled by default},
+	url={https://www.suse.com/support/kb/doc/?id=000020545}
+},
+
+@manual{8664_params_abi,
+	title={System V Application Binary Interface
+AMD64 Architecture Processor Supplement},
+	author={H.J. Lu et al.},
+	pages={148},
+	date={2018-01-28},
+	url={https://raw.githubusercontent.com/wiki/hjl-tools/x86-psABI/x86-64-psABI-1.0.pdf}
 }


@@ -359,4 +422,3 @@



-
--- a/docs/bibliography/texput.log
+++ b/docs/bibliography/texput.log
@@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  25 MAY 2022 19:59
+This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  2 JUN 2022 18:01
 entering extended mode
 restricted \write18 enabled.
 %&-line parsing enabled.