On 03/02/2018 05:08 AM, Rich Freeman wrote:
On the other hand, if netfilter were implemented in userspace such as via a microkernel, then if it contained a bug the remote attacker would be able to MITM all network traffic on the machine, but that would be the extent of the access they have.

I don't know that it would be the extent of the access the attacker would have. It might also be a beachhead that could be used as a starting point for future attacks.

The process running the netfilter code doesn't need anything other than a pipe back to the kernel to receive packets and send packets back, so it can run with minimal privs otherwise.

I think that more than a simple pipe (as in unix socket) is needed. Currently, any program that uses IP is expecting a socket to behave like it currently behaves. I don't think a simple pipe can provide that.

I can see a way now, using existing technology, to have an isolated firewall that runs in user space. Remove all IP processing from eth0 in the main kernel. Connect eth0 to a User Mode Linux kernel which does the filtering (in user space) and routes the traffic back over another connection to the host kernel, i.e. uml0.

 | Host                        |
 |   +--------------+          |
 |   | UML Firewall |          |
-----+ eth0    eth1 +---uml0   |
 |   +--------------+          |

Processes running on the host can use the uml0 interface just like they formerly used the eth0 interface.

All the firewalling / filtering / routing happens in user space (possibly a container) and independent of the host kernel.

a lot of the boot-time mounting logic and devfs/etc logic has gone away in favor of initramfs and udev.

Please provide examples of this "…boot-time mounting logic and devfs/etc logic…" that used to be in kernel.

I'll argue that devfs is now in kernel when it used to be files on a file system or dynamically created by a user space process. As far as I know, mounting (more than root as RO) has always been driven from user space via init scripts.

Sure, there's a LOT of changes going on in that space, particularly around (anti)systemd. But IMHO this has been user space for as long as I have known.

Please provide examples where I'm wrong.  I'd like to learn.

And of course if this is done it is done correctly, and not as some kind of userspace hack on top of an OS to add features that it lacks.


Grant. . . .
unix || die

Reply via email to