On Fri, Apr 3, 2026 at 6:31 AM Yafang Shao <[email protected]> wrote:
>
> >
> > If this were to go in, I say it would require both a kernel config, with
> > a big warning about this being a security hole, and a kernel command line
> > option to enable it, so that people don't accidentally have it enabled in
> > their config.
> >
> > The command line should be something like:
> >
> > allow_bpf_to_rootkit_functions
>
> The feature is currently gated by CONFIG_KPROBE_OVERRIDE_KLP_FUNC. In
> the next revision, I will rename this to
> CONFIG_ALLOW_BPF_TO_ROOTKIT_FUNCS and introduce a corresponding kernel
> command-line parameter, allow_bpf_to_rootkit_functions, to control
> it.

No. Even with extra config this is not ok.
