| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180220.095533.1556394952394943311.davem@davemloft.net>
Date: Tue, 20 Feb 2018 09:55:33 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: pablo@...filter.org
Cc: phil@....cc, laforge@...monks.org, fw@...len.de,
daniel@...earbox.net, netdev@...r.kernel.org,
netfilter-devel@...r.kernel.org, alexei.starovoitov@...il.com
Subject: Re: [PATCH RFC 0/4] net: add bpfilter
From: Pablo Neira Ayuso <pablo@...filter.org>
Date: Tue, 20 Feb 2018 11:44:31 +0100
> * Lack of sufficient abstraction: bpf is not only exposing its own
> software bugs through its interface, but it will also bite the dust
> with CPU bugs due to lack of glue code to hide details behind the
> syscall interface curtain. That will need a kernel upgrade after all to
> fix, so all benefits of adding new programs. We've even seem claims on
> performance being more important than security in this mailing list.
> Don't get me wrong, no software is safe from security issues, but if you
> don't abstract your resources in the right way, you have more chance to
> have experimence more problems.
I find it surprising that the person who didn't even know that
generating classical BPF was not appropriate in his patches is
suddenly a complete expert on eBPF and all of it's shortcomings.
Pablo, I am sincerely very disappointed in you, and if you continue
to attack eBPF in such an ignorant way going forward we will have
a very hard time taking you seriously at all.
Thank you.
Powered by blists - more mailing lists