From: David Miller <davem@davemloft.net>
To: hagen@jauu.net
Cc: leonerd@leonerd.org.uk, netdev@vger.kernel.org
Subject: Re: RFC: New BGF 'LOOP' instruction
Date: Mon, 02 Aug 2010 22:18:13 -0700 (PDT) [thread overview]
Message-ID: <20100802.221813.43045517.davem@davemloft.net> (raw)
In-Reply-To: <20100802201629.GA5973@nuttenaction>
From: Hagen Paul Pfeifer <hagen@jauu.net>
Date: Mon, 2 Aug 2010 22:16:29 +0200
> PS: the LOOP opcode must be secure against any ressource attack -> the loop
> must be break after n iterations.
Oh yeah, what is an iteration in your definition? See this is why I
totally refuse to add a looping construct to BPF.
If you just check for a single loop hitting, the user will just use
a chaining of two looping constructs. And then three levels of
indirection, then four, etc. He can run up to just before exhasting
the "iteration limit" of one loop, and branch to the next one, and
so on and so forth.
There are probably a million ways to exploit this, and once you come
up with a validation or limiting scheme one of two things will happen:
1) The limiting scheme will make legitimate scripts USELESS
2) Someone will just figure out another hole to punch through and
exploit
There's a reason no back branching construct was added to BPF to begin
with. It violates the core design principles of BPF.
next prev parent reply other threads:[~2010-08-03 5:17 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-02 11:03 RFC: New BGF 'LOOP' instruction Paul LeoNerd Evans
2010-08-02 11:13 ` RFC: New BPF " Paul LeoNerd Evans
2010-08-02 20:16 ` RFC: New BGF " Hagen Paul Pfeifer
2010-08-03 5:18 ` David Miller [this message]
2010-08-03 7:07 ` Paul LeoNerd Evans
2010-08-03 7:19 ` David Miller
2010-08-03 9:10 ` Hagen Paul Pfeifer
2010-08-03 13:40 ` Paul LeoNerd Evans
2010-08-03 9:03 ` Hagen Paul Pfeifer
2010-08-03 7:18 ` RFC: New BPF " Paul LeoNerd Evans
2010-08-03 5:13 ` RFC: New BGF " David Miller
2010-08-03 7:04 ` Paul LeoNerd Evans
2010-08-03 7:18 ` David Miller
2010-08-03 12:58 ` Andi Kleen
2010-08-03 13:07 ` David Miller
2010-08-03 13:34 ` RFC: New BPF " Paul LeoNerd Evans
2010-08-03 13:42 ` Paul LeoNerd Evans
2010-08-03 14:09 ` Rémi Denis-Courmont
2010-08-03 14:13 ` Paul LeoNerd Evans
2010-08-03 14:16 ` Rémi Denis-Courmont
2010-08-03 14:19 ` Paul LeoNerd Evans
2010-08-03 15:17 ` Rémi Denis-Courmont
2010-08-03 15:27 ` Paul LeoNerd Evans
2010-08-03 14:05 ` RFC: New BGF " Andi Kleen
2010-08-03 14:11 ` Paul LeoNerd Evans
2010-08-03 14:34 ` Paul LeoNerd Evans
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100802.221813.43045517.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=hagen@jauu.net \
--cc=leonerd@leonerd.org.uk \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).