tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: BPF_MISC+BPF_COP and BPF_COPX



On Aug 8, 2013, at 4:14 AM, Darren Reed <darrenr%NetBSD.org@localhost> wrote:
> 
> No. It's not about calling a function, it is about proving the BPF
> program is correct and secure.
> 
> BPF today is essentially assembly language operations that are all
> easily tested and verified.


There's a one-word summary: *assurance*.  With the current design,
it's easy to *know* what can happen.  With a Turing-complete extension,
it isn't.

Assurance is often what separates actually secure systems from ones that
are merely claimed to be secure.

                --Steve Bellovin, https://www.cs.columbia.edu/~smb







Home | Main Index | Thread Index | Old Index