Harden communication between execution context and verifier / user mode #709

Open
Alan-Jowett opened this issue Jan 4, 2022 · 2 comments
Labels: enhancement (New feature or request); help wanted (Extra attention is needed); security (Related to security hardening); triaged (Discussed in a triage meeting)

@Alan-Jowett
Member

Communication between execution context and verifier/user mode is currently via handwritten serializer code. We should investigate using a more secure serializer like everparse which offers better guarantees about safety.

@Alan-Jowett Alan-Jowett added enhancement New feature or request security Related to security hardening labels Jan 4, 2022
@Alan-Jowett
Member Author

Clarification:
We should create a ".3d" file that describes the protocol messages from ebpf_protocol.h and have everparse generate a validator for it.

Then modify ebpf_core_invoke_protocol_handler to invoke the generated validator to verify the message is valid before dispatching it.
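The validate-before-dispatch step proposed in the clarification above, as an added C example (not code from this project and not EverParse output). The header layout, the operation ids, and the names `validate_message` and `invoke_handler` are hypothetical; the block shows the length and id checks a validator runs before any handler sees the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire layout (NOT taken from ebpf_protocol.h):
 *   uint16 length - total message size, header included
 *   uint16 id     - operation id
 *   payload       - layout depends on id */
typedef struct { uint16_t length; uint16_t id; } msg_header_t;

enum { OP_GET_INFO = 0, OP_LOAD_BYTES = 1, OP_COUNT };

/* OP_GET_INFO: fixed 8-byte payload.
 * OP_LOAD_BYTES: uint32 byte_count followed by byte_count bytes. */
static const uint16_t min_size[OP_COUNT] = {
    [OP_GET_INFO] = sizeof(msg_header_t) + 8,
    [OP_LOAD_BYTES] = sizeof(msg_header_t) + 4,
};

typedef enum { MSG_OK, MSG_TRUNCATED, MSG_BAD_LENGTH, MSG_BAD_ID, MSG_BAD_COUNT } msg_status_t;

/* Validate an untrusted buffer without casting it to a struct. */
msg_status_t validate_message(const uint8_t *buf, size_t buf_len)
{
    msg_header_t h;
    if (buf == NULL || buf_len < sizeof(h)) return MSG_TRUNCATED;
    memcpy(&h, buf, sizeof(h)); /* read the header once, then use only the copy */
    if ((size_t)h.length != buf_len) return MSG_BAD_LENGTH;
    if (h.id >= OP_COUNT) return MSG_BAD_ID;
    if (h.length < min_size[h.id]) return MSG_TRUNCATED;
    if (h.id == OP_GET_INFO && h.length != min_size[h.id]) return MSG_BAD_LENGTH;
    if (h.id == OP_LOAD_BYTES) {
        uint32_t count;
        memcpy(&count, buf + sizeof(h), sizeof(count));
        /* Compare with the bytes that remain; never add count to an offset. */
        if ((size_t)count != (size_t)h.length - sizeof(h) - sizeof(count)) return MSG_BAD_COUNT;
    }
    return MSG_OK;
}

/* Dispatch only after validation succeeds: 0 if accepted, -1 if rejected. */
int invoke_handler(const uint8_t *buf, size_t buf_len)
{
    if (validate_message(buf, buf_len) != MSG_OK) return -1;
    /* the handler for the validated id would be called here */
    return 0;
}
```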

@dthaler dthaler added this to the 2203 milestone Jan 10, 2022
@dthaler dthaler added the triaged Discussed in a triage meeting label Jan 10, 2022
@dahavey dahavey modified the milestones: 2203, 2204 Mar 14, 2022
@dthaler dthaler mentioned this issue Mar 14, 2022
3 tasks
@dahavey dahavey modified the milestones: 2204, 2205 Apr 11, 2022
@dahavey dahavey added blocked Blocked on another issue that must be done first and removed blocked Blocked on another issue that must be done first labels May 4, 2022
@Alan-Jowett Alan-Jowett modified the milestones: 2205, 2206 May 25, 2022
@dahavey dahavey modified the milestones: 2206, 2207 Jun 6, 2022
@dahavey dahavey modified the milestones: 2207, 2208 Jul 11, 2022
@dahavey dahavey added the help wanted Extra attention is needed label Jul 11, 2022
@dahavey dahavey modified the milestones: 2208, Backlog Aug 8, 2022
@dahavey
Collaborator

dahavey commented Aug 8, 2022

This scenario is covered by fuzz testing.
