On 26.08.2018 02:40, Kamil Rytarowski wrote:
> On 25.08.2018 21:32, David Holland wrote:
>> > 2. There is no bpf_validate for Lua bytecode. In fact, Lua team abandoned
>> > an idea of bytecode validation few years ago. From Lua 5.3 manual:
>> >
>> > Lua does not check the consistency of binary chunks. Maliciously
>> > crafted binary chunks can crash the interpreter.
>>
>> Are we talking about installing untrusted/unprivileged kernel trace
>> logic? Because that seems like a bad idea, or at least a very hard
>> thing to get right... and if not, it doesn't matter if there's a
>> validator.
>>
>> (Also, isn't EBPF not really validatable either, or am I mixing it
>> up with something else?)
>>
>
> For the record, eBPF has at least two stages of validation:
> - CFG analysis to find infinite loops that would deadlock,
> - a simulator that tries to verify whether code paths are meaningful.
>
> eBPF tries to prevent uninitialized memory read and read-only variable
> write.
>
> Additionally eBPF can restrict pointer arithmetics.
>
> But right, it's much easier to restrict loading any code into the kernel
> to a privileged user.
>

We do not allow loading Lua bytecode by default. This means that the
verification is done by the compiler and it's difficult to crash the
interpreter on accident.

$ sysctl -d kern.lua.bytecode
kern.lua.bytecode = 0
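Added example, not part of the original message and not NetBSD's kernel code: in userland Lua 5.3, passing mode "t" to load() is how an embedder refuses precompiled chunks, so only source that has gone through the compiler runs. The wrapper name load_chunk and the allow_bytecode flag are hypothetical, loosely modelled on the kern.lua.bytecode setting above.

```lua
-- Added illustration for userland Lua 5.3; load_chunk and allow_bytecode
-- are hypothetical names, not NetBSD kernel code.

-- Load a chunk under a policy flag. With allow_bytecode false, mode "t"
-- makes load() reject anything that starts with the binary-chunk
-- signature, so the compiler is the only path to executable code.
-- Returns the compiled function, or nil plus an error message.
local function load_chunk(chunk, name, allow_bytecode)
  local mode = allow_bytecode and "bt" or "t"
  return load(chunk, name, mode)
end

-- Constructed sample inputs: the same program as source and as bytecode.
local source = "return 6 * 7"
local bytecode = string.dump(assert(load(source, "=sample")))

-- Binary chunks begin with the signature ESC "Lua".
assert(bytecode:sub(1, 4) == "\27Lua")

-- Source text is compiled and runs under the default-deny policy.
local f = assert(load_chunk(source, "=sample", false))
assert(f() == 42)

-- The precompiled chunk is refused by the mode check, before the
-- bytecode loader reads any of it.
local g, err = load_chunk(bytecode, "=sample", false)
assert(g == nil)
print(err)

-- Only an explicit opt-in lets the unchecked binary chunk load.
local h = assert(load_chunk(bytecode, "=sample", true))
assert(h() == 42)
```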