Comments (4)
Program [will consume stubs/headers from PAL work]
Create - Alloc
Open - AccessCheck
ProgramInit
GetProperties
LoadMachineCode - allocating a read only executable page
CreateAndAttachToHook
Pin/Unpin
Uninit/Cleanup [ref count hits 0, the rundown logic]
from ebpf-for-windows.
Looks like the functions to convert SDDL -> SECURITY_DESCRIPTOR aren't in the DDK. Are we ok with passing a self-relative SECURITY_DESCRIPTOR instead of an SDDL?
from ebpf-for-windows.
The EbpfIoDevice device object is restricted to:
//
// SDDL_DEVOBJ_SYS_ALL_ADM_ALL allows the kernel, system, and admin complete
// control over the device. No other users may access the device
//
So adding an additional access check here is redundant.
from ebpf-for-windows.
Closing this as an additional access check is pointless given that this API can only be called by admin, kernel or local system.
If we ever loosen the restrictions on the device object, revisit this.
from ebpf-for-windows.
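Added example (not code from the ebpf-for-windows project): a small Python model of the DACL named in the thread, showing which user-mode callers it admits and how to flag a descriptor that has been loosened. The SDDL string is the wdmsec.h value of SDDL_DEVOBJ_SYS_ALL_ADM_ALL; `LOOSENED_SDDL`, the token SID sets and all function names are constructed for illustration, and only alias SIDs and generic rights codes are handled.

```python
import re

# Value of SDDL_DEVOBJ_SYS_ALL_ADM_ALL as declared in the WDK header wdmsec.h.
SDDL_DEVOBJ_SYS_ALL_ADM_ALL = "D:P(A;;GA;;;SY)(A;;GA;;;BA)"
# Constructed for comparison: the same DACL loosened with read/write for Everyone (WD).
LOOSENED_SDDL = "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW;;;WD)"

GENERIC = {"GA", "GR", "GW", "GX"}  # the only rights codes this sketch understands


def parse_dacl(sddl):
    """Return (protected, [(ace_type, rights, sid_alias), ...]) for the D: section."""
    m = re.search(r"D:([A-Z]*)((?:\([^)]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL with ACEs found")
    aces = []
    for ace in re.findall(r"\(([^)]*)\)", m.group(2)):
        fields = ace.split(";")
        if len(fields) != 6:
            raise ValueError(f"malformed ACE: {ace!r}")
        rights = set(re.findall("..", fields[2]))
        if len(fields[2]) % 2 or not rights <= GENERIC:
            raise ValueError(f"unsupported rights: {fields[2]!r}")
        aces.append((fields[0], rights, fields[5]))
    return "P" in m.group(1), aces


def access_allowed(sddl, token_sids, wanted):
    """Model the DACL walk for a user-mode open; kernel-mode callers are not modelled."""
    remaining = set(wanted)
    for ace_type, rights, sid in parse_dacl(sddl)[1]:
        if sid not in token_sids:
            continue
        if "GA" in rights:
            rights = GENERIC  # generic-all covers every right requested here
        if ace_type == "D" and rights & remaining:
            return False  # an earlier deny wins over later allows
        if ace_type == "A":
            remaining -= rights
        if not remaining:
            return True
    return False


def unexpected_grants(sddl, expected=frozenset({"SY", "BA"})):
    """SID aliases with an allow ACE beyond Local System and Administrators."""
    return sorted({sid for t, _, sid in parse_dacl(sddl)[1] if t == "A"} - expected)
```

Running `unexpected_grants` over the device's SDDL in a build or review step is one way to notice the "loosened restrictions" case the closing comment says should reopen this issue.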