On 02/27/2018 02:19 PM, Kees Cook wrote:
> On Tue, Feb 27, 2018 at 8:59 AM, chris hyser <chris.hy...@oracle.com> wrote:
>> I will try to find that discussion. As someone pointed out here though, eBPF
>
> A good starting point might be this:
> https://lwn.net/Articles/441232/

Thanks. A fair amount of reading referenced there :-). In particular I'll be 
curious to find out what happened to this idea:

"Essentially, that would make for three choices for each system call: enabled, 
disabled, or filtered."

Something like that might address some of the security concerns in that a simple go/no-go on syscall number need not incur the performance hit nor increased attack surface of running c/eBPF code, but it is there for argument checking, etc., if you need it. Basically instead of the kernel making the flexibility/performance/security trade-off in advance, you leave it to user code/policy.

Anyway, lest it is not clear :-), I think your instincts on security and eBPF are dead on. At the same time it is powerful and useful. So, how to make it optional?

-chrish
