On Aug 8, 2013, at 4:14 AM, Darren Reed <darr...@netbsd.org> wrote:
>
> No. It's not about calling a function, it is about proving the BPF
> program is correct and secure.
>
> BPF today is essentially assembly language operations that are all
> easily tested and verified.
There's a one-word summary: *assurance*. With the current design,
it's easy to *know* what can happen. With a Turing-complete extension,
it isn't.
Assurance is often what separates actually secure systems from ones that
are merely claimed to be secure.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
