lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 12 Jan 2009 21:55:47 +0100
From:	Andi Kleen <andi@...stfloor.org>
To:	Rémi Denis-Courmont <rdenis@...phalempin.com>
Cc:	Andi Kleen <andi@...stfloor.org>, Valdis.Kletnieks@...edu,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Michael Stone <michael@...top.org>,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: RFC: Network privilege separation.

On Mon, Jan 12, 2009 at 10:30:25PM +0200, Rémi Denis-Courmont wrote:
> Le lundi 12 janvier 2009 22:39:31 Andi Kleen, vous avez écrit :
> > > What's the point of writing a parser (that could also have bugs) when the
> >
> > Sorry you lost me. What do you mean with parser here?
> >
> > > kernel can do it?
> >
> > And what does it have to do with the kernel?
> 
> The parser at the other end of the pipe. The more intricate the over-the-pipe 
> protocol is, the more likely it is to be buggy and the security scheme to 
> break.

That would be very little code that would also not 
change very often so that it could be probably effectively
audited.

> > Yes it would be somewhat slower, but if it avoids a couple of security
> > updates that would be probably worth it.
> 
> If codecs did not care about performance, they'd be written in some high-level 
> language that could easily be sandboxed by its own VM.

I don't think using a full JIT is anywhere comparable in 
performance impact to adding two cache hot copies to 
otherwise fully optimized code.

> 
> As the guy who's been dealing with VLC security issues for the past two years, 
> I have to say, I am in no way interested in SECCOMP as it _currently_ is.

Fair point, although I'm afraid you didn't do a very good
job explaining your reasons, so it sounds like a 
quite arbitary decision.

-Andi

-- 
ak@...ux.intel.com -- Speaking for myself only.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ