lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Mar 2017 11:12:23 +0800 From: "Wangnan (F)" <wangnan0@...wei.com> To: Alexei Starovoitov <ast@...com>, "David S . Miller" <davem@...emloft.net> CC: Daniel Borkmann <daniel@...earbox.net>, Martin KaFai Lau <kafai@...com>, <netdev@...r.kernel.org>, <kernel-team@...com> Subject: Re: [PATCH net-next 1/6] bpf: introduce BPF_PROG_TEST_RUN command On 2017/3/31 10:57, Alexei Starovoitov wrote: > On 3/30/17 7:53 PM, Wangnan (F) wrote: >> I suggest using a CONFIG option to enable/disable code in >> test_run.o to reduce attack plane. > > attack plane? what attack do you see and how config helps? > I think all testing features are not required to be compiled for a production system. A feature which should never be used looks dangerous to me. I suggest adding a CONFIG option like CONFIG_BPF_PROGRAM_TEST_RUN to control whether the kernel should be compiled with this feature or not. We can enable by default, and give people a chance to turn it off. At least in my company people tends to turn all unneeded features off. If you don't provide a config option they will make one by themselves. Thank you.
Powered by blists - more mailing lists