| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20100802.221813.43045517.davem@davemloft.net> Date: Mon, 02 Aug 2010 22:18:13 -0700 (PDT) From: David Miller <davem@...emloft.net> To: hagen@...u.net Cc: leonerd@...nerd.org.uk, netdev@...r.kernel.org Subject: Re: RFC: New BGF 'LOOP' instruction From: Hagen Paul Pfeifer <hagen@...u.net> Date: Mon, 2 Aug 2010 22:16:29 +0200 > PS: the LOOP opcode must be secure against any ressource attack -> the loop > must be break after n iterations. Oh yeah, what is an iteration in your definition? See this is why I totally refuse to add a looping construct to BPF. If you just check for a single loop hitting, the user will just use a chaining of two looping constructs. And then three levels of indirection, then four, etc. He can run up to just before exhasting the "iteration limit" of one loop, and branch to the next one, and so on and so forth. There are probably a million ways to exploit this, and once you come up with a validation or limiting scheme one of two things will happen: 1) The limiting scheme will make legitimate scripts USELESS 2) Someone will just figure out another hole to punch through and exploit There's a reason no back branching construct was added to BPF to begin with. It violates the core design principles of BPF. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists