User: Password:
|
|
Subscribe / Log in / New account

A JIT for packet filters

A JIT for packet filters

Posted Apr 17, 2011 21:08 UTC (Sun) by rilder (guest, #59804)
In reply to: A JIT for packet filters by jzbiciak
Parent article: A JIT for packet filters

Good points.
My thought process for this was influenced by:
1. Text processing algorithms which use request_module() to load at runtime for algorithms which are not in kernel. Again, if proper case is exercised here -- not loading outside modprobe path etc. it should be fine.
2. Coming back to usermode helpers, we already allow modules to be modprbed through external helpers, so a similar approach can be used. If someone can write to a sysctl/procfs maliciously, then system is already compromised. I was thinking of reading from a pipe using a usermode helper similar to how core dumping function uses it to write instead.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds