tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Patch: accept filters for NetBSD



On Tue, Jan 29, 2008 at 08:19:29PM +0200, Elad Efrat wrote:
> 
> Obviously I don't, but others do, and I'm merely raising a general
> concern saying "let's give this a bit more though" given my -- and I
> presume others' -- experience with fun things that can happen due to
> improper string handling and/or bugs in privileged code paths. ;)

So, an observation:  like a STREAMS module or any other in-kernel
implementation of an application-layer protocol, an accept filter
effectively moves the boundary between user and kernel code in a
network server application.

Because it does that, it is unquestionably the case that it can move
bugs that would be serious -- but for one application -- in a user
application so that they are severe -- for the whole system, without
any protection against propagation of compromise -- bugs in the kernel
instead.

Short of writing the kernel portion of the application code in a safe
language, which we don't really have any facility for, I don't see
any way around this issue int he general case.

It should be copiously noted in the documentation.

Thor



Home | Main Index | Thread Index | Old Index