Hello, Luigi.

You wrote December 28, 2011, 14:42:51:

> There is a problem here. You have to trust the native code
> before allowing its execution in the kernel. So either you

Root could load any KLD. So, I think, we could trust any code "uploaded" via setsockopt()... Yes, it looks dangerous, but, again, if root is compromised, an attacker could compile and load a kernel module as well.

> implement some form of sandboxing or code validator
> before accepting a blob of native code from the setsockopt(),
> or you generate the code directly within the kernel.
> But with these sizes you cannot embed clang or gcc in the kernel:

clang is a bad example, it needs to process C/C++ code (frontend). A custom-written compiler with LLVM as backend could have a very reasonable size. But not for the kernel side, for sure, in any case!

> though I would guess that a custom code generator is probably simpler
> to write (perhaps reusing sys/i386/i386/bpf_jit_machdep.c and its
> amd64 counterpart)

Yep, as we have BPF JIT, it could be simpler.

--
// Black Lion AKA Lev Serebryakov <l...@freebsd.org>

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"