On 25.08.2018 21:32, David Holland wrote:
>  > 2. There is no bpf_validate for Lua bytecode. In fact, the Lua team abandoned
>  > an idea of bytecode validation a few years ago. From the Lua 5.3 manual:
>  >
>  >    Lua does not check the consistency of binary chunks. Maliciously
>  >    crafted binary chunks can crash the interpreter.
>
> Are we talking about installing untrusted/unprivileged kernel trace
> logic? Because that seems like a bad idea, or at least a very hard
> thing to get right... and if not, it doesn't matter if there's a
> validator.
>
> (Also, isn't EBPF not really validatable either, or am I mixing it
> up with something else?)
>

For the record, eBPF has at least two stages of validation:
 - CFG analysis to find infinite loops that would deadlock,
 - a simulator that tries to verify whether code paths are meaningful.

eBPF tries to prevent uninitialized memory read and read-only variable
write. Additionally eBPF can restrict pointer arithmetic.

But right, it's much easier to restrict loading any code into the kernel
to a privileged user.
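
Added example, not part of the original message and not kernel code: a simplified model of the first validation stage mentioned above (CFG analysis that rejects loops), run over a toy instruction set. The opcodes, struct insn, check_cfg and the sample programs are assumptions made for illustration; only the 16-bit signed jump offset mirrors eBPF.

```c
/* Toy instruction set (an assumption for this example, not the real eBPF encoding). */
enum op { OP_ALU, OP_JA, OP_JCOND, OP_EXIT };
struct insn { enum op op; short off; };  /* jump target = pc + 1 + off */
enum { CFG_OK = 0, CFG_LOOP = -1, CFG_BAD_JUMP = -2, CFG_UNREACHABLE = -3, CFG_TOO_BIG = -4 };
enum { WHITE, GREY, BLACK };             /* unvisited, on the DFS stack, finished */
#define MAX_INSNS 64

/* Fill out[] with the control-flow successors of instruction pc; return their count. */
static int successors(const struct insn *p, int pc, int out[2])
{
    int k = 0;
    if (p[pc].op == OP_ALU || p[pc].op == OP_JCOND)   /* falls through */
        out[k++] = pc + 1;
    if (p[pc].op == OP_JA || p[pc].op == OP_JCOND)    /* may take the jump */
        out[k++] = pc + 1 + p[pc].off;
    return k;                                         /* OP_EXIT has none */
}

/* Iterative DFS from instruction 0. An edge into a GREY node is a back-edge (a loop). */
int check_cfg(const struct insn *p, int n)
{
    int color[MAX_INSNS] = {0}, next[MAX_INSNS] = {0}, stack[MAX_INSNS], sp = 0;
    if (n <= 0 || n > MAX_INSNS)
        return CFG_TOO_BIG;
    color[0] = GREY;
    stack[sp++] = 0;
    while (sp > 0) {
        int pc = stack[sp - 1], succ[2];
        if (next[pc] == successors(p, pc, succ)) {    /* all edges explored */
            color[stack[--sp]] = BLACK;
            continue;
        }
        int t = succ[next[pc]++];
        if (t < 0 || t >= n)
            return CFG_BAD_JUMP;         /* jump or fall-through leaves the program */
        if (color[t] == GREY)
            return CFG_LOOP;
        if (color[t] == WHITE) {
            color[t] = GREY;
            stack[sp++] = t;
        }
    }
    for (int i = 0; i < n; i++)
        if (color[i] == WHITE)
            return CFG_UNREACHABLE;      /* dead code is rejected too */
    return CFG_OK;
}
static const struct insn straight[] = { {OP_ALU, 0}, {OP_JCOND, 1}, {OP_ALU, 0}, {OP_EXIT, 0} }; /* constructed */
static const struct insn spin[] = { {OP_ALU, 0}, {OP_JCOND, -2}, {OP_EXIT, 0} };                 /* constructed */
int main(void) { return !(check_cfg(straight, 4) == CFG_OK && check_cfg(spin, 3) == CFG_LOOP); }
```

The check is purely structural: it says nothing about memory safety, which is the job of the second, simulating stage.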