tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Patch: accept filters for NetBSD
On Tue, Jan 29, 2008 at 08:19:29PM +0200, Elad Efrat wrote:
>
> Obviously I don't, but others do, and I'm merely raising a general
> concern saying "let's give this a bit more though" given my -- and I
> presume others' -- experience with fun things that can happen due to
> improper string handling and/or bugs in privileged code paths. ;)
So, an observation: like a STREAMS module or any other in-kernel
implementation of an application-layer protocol, an accept filter
effectively moves the boundary between user and kernel code in a
network server application.
Because it does that, it is unquestionably the case that it can move
bugs that would be serious -- but for one application -- in a user
application so that they are severe -- for the whole system, without
any protection against propagation of compromise -- bugs in the kernel
instead.
Short of writing the kernel portion of the application code in a safe
language, which we don't really have any facility for, I don't see
any way around this issue int he general case.
It should be copiously noted in the documentation.
Thor
Home |
Main Index |
Thread Index |
Old Index