Re: CVS commit: src/sys/kern

[Roy Marples <roy%marples.name@localhost>]

On 29/12/16 07:27, David Holland wrote:
> On Wed, Dec 28, 2016 at 07:32:05PM +0000, Taylor R Campbell wrote:
>  > It's true that moving the kauth call expanded the attack surface a
>  > little bit.  Now we have to worry about:
> 
> When I saw the original commit I wondered it if it was an information
> leak. Maybe it's not, but that's certainly a fourth consideration.

You can get the information from other ways, modstat works fine on mips.
Whether this is in itself a bug is a separate issue.
However, it's a royal PITA to use just to work out if a module is
loaded. Considering that the NPF logic is thus:

1) Load BPFJIT Module
2) If error != EEXIST warn that NPF performance will be impacted because
it cannot load BPFJIT

Moving to a more modular world (which based on PaulG's work we are) then
adding an extra step to check existence prior to loading is more
complexity per module loading code. Simply checking for EPERM won't fly
either because that error can be returned and the module is not loaded.

Now, from an IRC discussion it was also pointed out that my target
platform (ERLITE) does not support loading modules. My retort is that
this makes it even more important to fix the warning NPF generates
because we have to compile it into the kernel directly to eliminate the
warning. But without my patch this fails and confuddles the end user.
This echos the human/computer interaction argument Taylor made earlier.


Roy