Message-ID: <20180218233538.GG13493@breakpoint.cc>
Date: Mon, 19 Feb 2018 00:35:38 +0100
From: Florian Westphal <fw@...len.de>
To: Daniel Borkmann <daniel@...earbox.net>
Cc: netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
davem@...emloft.net, alexei.starovoitov@...il.com
Subject: Re: [PATCH RFC 0/4] net: add bpfilter

Daniel Borkmann <daniel@...earbox.net> wrote:
> As rule translation can potentially become very complex, this is performed
> entirely in user space. In order to ease deployment, request_module() code
> is extended to allow user mode helpers to be invoked. Idea is that user mode
> helpers are built as part of the kernel build and installed as traditional
> kernel modules with .ko file extension into distro specified location,
> such that from a distribution point of view, they are no different than
> regular kernel modules. Thus, allow request_module() logic to load such
> user mode helper (umh) binaries via:
>
> request_module("foo") ->
> call_umh("modprobe foo") ->
> sys_finit_module(FD of /lib/modules/.../foo.ko) ->
> call_umh(struct file)
>
> Such approach enables kernel to delegate functionality traditionally done
> by kernel modules into user space processes (either root or !root)

Unrelated: AFAIU this would allow to e.g. move the compat32 handlers
(which are very ugly/error prone) off to userspace?

compat_syscall -> umh_32_64_xlate -> syscall() ?

[ feel free to move this to different thread, only mentioning this
so I won't forget ]