Firewall Profiling.
Lev Serebryakov
lev at FreeBSD.org
Wed Dec 28 15:57:31 UTC 2011
Hello, Luigi.
You wrote on 28 December 2011, 14:42:51:
> There is a problem here. You have to trust the native code
> before allowing its execution in the kernel. So either you
root could load any KLD. So, I think, we could trust any code
"uploaded" via setsockopt()... Yes, it looks dangerous, but, again, if
root is compromised, an attacker could compile and load a kernel module
as well.
> implement some form of sandboxing or code validator
> before accepting a blob of native code from the setsockopt(),
> or you generate the code directly within the kernel.
> But with these sizes you cannot embed clang or gcc in the kernel:
clang is a bad example, it needs to process C/C++ code (frontend).
A custom-written compiler with LLVM as a backend could have a very
reasonable size. But not for the kernel side, for sure, in any case!
> though i would guess that a custom code generator is probably simpler
> to write (perhaps reusing sys/i386/i386/bpf_jit_machdep.c and its
> amd64 counterpart)
Yep, as we have BPF JIT, it could be simpler.
--
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>
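
Added example, not part of the original message and not FreeBSD code: an illustration of the "code validator" option from the quoted text, applied to a small hypothetical bytecode rather than to native code, using checks of the kind classic BPF validation performs before a program reaches the interpreter or JIT. The opcode set, `struct insn`, the limits and the sample programs are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical filter bytecode, constructed for this example only. */
enum { OP_LD_MEM, OP_ST_MEM, OP_DIV_K, OP_JEQ_K, OP_RET_K };
#define MEM_WORDS 16   /* scratch slots a program may address */
#define MAX_INSNS 512  /* longest program the kernel side accepts */
struct insn { uint8_t op, jt, jf; uint32_t k; };

/* Constructed sample programs: one acceptable, four that must be refused. */
static const struct insn good[]     = {{OP_JEQ_K, 0, 1, 80}, {OP_RET_K, 0, 0, 1}, {OP_RET_K, 0, 0, 0}};
static const struct insn bad_jump[] = {{OP_JEQ_K, 5, 0, 80}, {OP_RET_K, 0, 0, 0}};
static const struct insn bad_mem[]  = {{OP_ST_MEM, 0, 0, 16}, {OP_RET_K, 0, 0, 0}};
static const struct insn div_zero[] = {{OP_DIV_K, 0, 0, 0}, {OP_RET_K, 0, 0, 0}};
static const struct insn no_ret[]   = {{OP_LD_MEM, 0, 0, 0}};

/* Returns 1 if the program may be handed to an interpreter or JIT, else 0. */
int validate(const struct insn *p, size_t n)
{
    if (p == NULL || n == 0 || n > MAX_INSNS)
        return 0;
    for (size_t i = 0; i < n; i++) {
        switch (p[i].op) {
        case OP_LD_MEM:
        case OP_ST_MEM:            /* scratch index must stay in bounds */
            if (p[i].k >= MEM_WORDS) return 0;
            break;
        case OP_DIV_K:             /* constant divisor must be non-zero */
            if (p[i].k == 0) return 0;
            break;
        case OP_JEQ_K:             /* unsigned offsets: jumps go forward only,
                                      so no loops; targets must be inside */
            if (i + 1 + p[i].jt >= n || i + 1 + p[i].jf >= n) return 0;
            break;
        case OP_RET_K:
            break;
        default:                   /* unknown opcode */
            return 0;
        }
    }
    return p[n - 1].op == OP_RET_K;   /* execution cannot fall off the end */
}

int main(void)
{
    printf("good=%d bad_jump=%d bad_mem=%d div_zero=%d no_ret=%d\n",
           validate(good, 3), validate(bad_jump, 2), validate(bad_mem, 2),
           validate(div_zero, 2), validate(no_ret, 1));
    return 0;
}
```

Checks like these are decidable only because the instruction set is restricted; they do not carry over to an arbitrary native-code blob.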