| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Jan 2009 22:30:25 +0200 From: Rémi Denis-Courmont <rdenis@...phalempin.com> To: Andi Kleen <andi@...stfloor.org> Cc: Valdis.Kletnieks@...edu, Alan Cox <alan@...rguk.ukuu.org.uk>, Michael Stone <michael@...top.org>, linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: RFC: Network privilege separation. Le lundi 12 janvier 2009 22:39:31 Andi Kleen, vous avez écrit : > > What's the point of writing a parser (that could also have bugs) when the > > Sorry you lost me. What do you mean with parser here? > > > kernel can do it? > > And what does it have to do with the kernel? The parser at the other end of the pipe. The more intricate the over-the-pipe protocol is, the more likely it is to be buggy and the security scheme to break. > > A normal DVD would be over 30 megabytes per seconds once decoded, just > > for the > > On many modern systems 30MB/s copies is nothing ... Also in this > case they tend to be cache hot, which makes them much cheaper. > Yes it would be somewhat slower, but if it avoids a couple of security > updates that would be probably worth it. If codecs did not care about performance, they'd be written in some high-level language that could easily be sandboxed by its own VM. As the guy who's been dealing with VLC security issues for the past two years, I have to say, I am in no way interested in SECCOMP as it _currently_ is. -- Rémi Denis-Courmont http://www.remlab.net/ -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists