Linux @lemmy.ml ikidd @lemmy.world 2w ago

Microsoft Proposes "Hornet" Security Module For The Linux Kernel

35 comments

I have zero interest in anything Microsoft has to say about Free software.
- Too bad they have a trojan horse at the LF board of directors.
  
  Who?
"Fox proposes new brand of locks for henhouse."
Fuck off, microsoft...
I have zero trust in Microsoft's intentions here.
Embrace, Extend, Extinguish
Ah yes, the "extended Berkeley Packet Filter".
Wikipedia:

eBPF is a technology that can run programs in a privileged context such as the operating system kernel.

Phoronix:

Hornet uses a similar signature verification scheme similar to that of kernel modules. A pkcs#7 signature is appended to the end of an executable file. During an invocation of bpf_prog_load, the signature is fetched from the current task's executable file. That signature is used to verify the integrity of the bpf instructions and maps which where passed into the kernel. Additionally, Hornet implicitly trusts any programs which where loaded from inside kernel rather than userspace, which allows BPF_PRELOAD programs along with outputs for BPF_SYSCALL programs to run.

So this is to make kernel-level instructions from userspace (something that's already happening) more secure.

The thread linked by the OP is Jarkko Sakkinen (kernel maintainer) seemingly saying "show your work, your patch is full of nonsense" in a patch submitted for review to the Linux kernel.
Edit: the OP has edited the link, it used to point to this comment in the mailing list chain.
- Loading BPF code from user space is, I hope, only possible with root access to the system. That would mean that an attacker needs root access to exploit BPF, but if an attacker has root access what stops him/her to do anything they want? At this time the system is lost anyway.
  
  Or am I missing anything?
  
  If the executable binary has to be signed with a key, similar to the module signing key, Microsoft could sign their binaries
  
  This, along with secureboot, would prevent the owner of the machine from running eBPF programs Microsoft doesn't want you to run, even with root
- The thread linked by the OP is Jarkko Sakkinen (kernel maintainer) seemingly saying “show your work, your patch is full of nonsense” in a patch submitted for review to the Linux kernel.
  
  That’s not what he’s saying. He’s saying: ‘You’re using terms which aren’t that familiar to everyone. Could you explain them?’
I hope we will learn from the SecureBoot debacle and not give Microsoft the primary signing keys and infrastructure for this again.
Yeah. Stay in your lane microsoft.
- *in
  
  My bad. Not my native language. Thanks though
Do people in this thread not understand that Microsoft frequently contributes to Linux? They've already lost the battle there. They rely on Linux for servers as much as everybody else.

Not necessarily saying this is a good thing or not, but writing off any Linux contributions Microsoft makes would be pretty silly.
- yes they lost the battle, now they're most likely aiming to win the war.
  
  Or they're just adding improvements to the software they heavily rely on.
  
  I don't trust or like Microsoft, but the likelihood of there being malicious intentions in this is incredibly low. Just imagine the fallout if Microsoft tried to sabotage the kernel.
@ikidd After years of Embrace, extend and extinguish, and now the cloud and copilot stuff, can't put my faith on Micro$oft anymore, EVER 🙅🙅🙅‍♀️‍
- Certainly don't take my posting of this as an endorsement of anything Microsoft does. I loathe Microsoft.
  
  VSCode is one of the best free editors second only to Neovim (and maybe DoomEmacs), and the world runs off GitHub whether we like it or not. Azure runs Linux, and a lot of work has been put into WSL to where it's pretty darn handy if you're forced to use company Windows hardware but need to do Dev/SRE tasks.
  
  Windows 11 and Teams though can die in a tire fire.
Use-case?
- Preventing kernel modifications to expand upon the work done for kernel lockdown. Add additional layers to system security.
  
  Kernel_lockdown:
  
  prevent both direct and indirect access to a running kernel image, attempting to protect against unauthorized modification of the kernel image and to prevent access to security and cryptographic data located in kernel memory, [...]
  
  Is anyone having security issues without this patch?
They probably named it HORNET for a reason - think Japanese Murder Hornets... What Could Possibly Go Wrong??

It will probably start out as little glitches and slowdowns to destroy faith in your system ("Windows works right all the time") a random 2 second pauses. Finally one day every Linux box in the world crashes, all at the same time, because some 'dummy' in Microsoft deleted the private signing key.
- @ikidd @waspentalive That is more or less what I have in mind yes

35 comments