On 03/02/2018 05:08 AM, Rich Freeman wrote:
> On the other hand, if netfilter were implemented in userspace such as
> via a microkernel, then if it contained a bug the remote attacker would
> be able to MITM all network traffic on the machine, but that would
> be the extent of the access they have.
I don't know that it would be the extent of the access the attacker
would have. It might also be a beachhead that could be used as a
starting point for future attacks.
> The process running the netfilter code doesn't need anything other than
> a pipe back to the kernel to receive packets and send packets back,
> so it can run with minimal privs otherwise.
I think that more than a simple pipe (as in unix socket) is needed.
Currently, any program that uses IP is expecting a socket to behave like
it currently behaves. I don't think a simple pipe can provide that.
I can see a way now, using existing technology, to have an isolated
firewall that runs in user space. Remove all IP processing from eth0 in
the main kernel. Connect eth0 to a User Mode Linux kernel which does
the filtering (in user space) and routes the traffic back over another
connection to the host kernel, i.e. uml0.
|                Host              |
|    +--------------+              |
|    | UML Firewall |              |
-----+ eth0    eth1 +---uml0       |
|    +--------------+              |
Processes running on the host can use the uml0 interface just like they
formerly used the eth0 interface.
All the firewalling / filtering / routing happens in user space
(possibly a container) and independent of the host kernel.
> a lot of the boot-time mounting logic and devfs/etc logic has gone away
> in favor of initramfs and udev.
Please provide examples of this "…boot-time mounting logic and devfs/etc
logic…" that used to be in kernel.
I'll argue that devfs is now in kernel when it used to be files on a
file system or dynamically created by a user space process. As far as I
know, mounting (more than root as RO) has always been driven from user
space via init scripts.
Sure, there's a LOT of changes going on in that space, particularly
around (anti)systemd. But IMHO this has been user space for as long as
I have known.
Please provide examples where I'm wrong. I'd like to learn.
> And of course if this is done it is done correctly, and not as some kind
> of userspace hack on top of an OS to add features that it lacks.
Grant. . . .
unix || die
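The UML firewall topology sketched in the message above, written out as a runnable setup script. This is an added example and not part of the original thread or of any project's code: interface names (eth0, tap0, br0, uml0), the 10.0.0.0/24 addressing, the umlfw account, the UML kernel and root filesystem paths, and the use of dhcpcd inside the guest are all assumptions. The host side strips the IP configuration off the physical NIC and bridges it to a tap that becomes the guest's eth0; a second tap becomes the guest's eth1 and is the only interface the host's own IP stack uses, so every packet crosses the UML process (where netfilter now runs in user space) before the host kernel sees it at IP level.

```shell
#!/bin/sh
# Added example, not from the original thread. Builds the topology:
#
#   wire --- eth0 (host, no IP) -- br0 -- tap0 == [UML guest: eth0 | eth1] == uml0 (host IP)
#
# All names, addresses and paths below are assumptions for illustration.
# Set DRY_RUN=1 to print the commands instead of executing them (the host
# steps otherwise need root).
set -eu

PHYS_IF=${PHYS_IF:-eth0}          # physical NIC; loses its IP config
OUT_TAP=${OUT_TAP:-tap0}          # bridged to PHYS_IF, becomes the guest's eth0
IN_TAP=${IN_TAP:-uml0}            # becomes the guest's eth1; the host uses this
HOST_IP=${HOST_IP:-10.0.0.2/24}   # host address on the inside of the firewall
UML_GW=${UML_GW:-10.0.0.1}        # guest's eth1 address, the host's default gateway
UML_USER=${UML_USER:-umlfw}       # unprivileged account that runs the UML process
UML_KERNEL=${UML_KERNEL:-/usr/local/bin/linux}   # UML "linux" binary (assumed path)
UML_ROOTFS=${UML_ROOTFS:-/srv/umlfw/root_fs}     # guest root filesystem (assumed path)

run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Host side: take IP processing away from the physical NIC, hand the wire to
# the guest through a bridge, and give the host a tap on the guest's far side.
# 'ip tuntap ... user' lets the unprivileged UML process open both taps
# without CAP_NET_ADMIN.
host_setup() {
  run ip addr flush dev "$PHYS_IF"
  run ip link add name br0 type bridge
  run ip tuntap add dev "$OUT_TAP" mode tap user "$UML_USER"
  run ip link set "$PHYS_IF" master br0
  run ip link set "$OUT_TAP" master br0
  run ip link set "$PHYS_IF" up
  run ip link set "$OUT_TAP" up
  run ip link set br0 up
  run ip tuntap add dev "$IN_TAP" mode tap user "$UML_USER"
  run ip link set "$IN_TAP" up
  run ip addr add "$HOST_IP" dev "$IN_TAP"
  run ip route add default via "$UML_GW" dev "$IN_TAP"
}

# UML boot line, to be run as $UML_USER: 'tuntap,<dev>' attaches a guest NIC
# to a pre-created tap, so no setuid helper is involved and the process needs
# nothing beyond ownership of the two taps and its disk image.
uml_cmdline() {
  printf '%s\n' "$UML_KERNEL ubd0=$UML_ROOTFS mem=128M umid=fw eth0=tuntap,$OUT_TAP eth1=tuntap,$IN_TAP"
}

# Commands for inside the guest: forward between the two NICs and filter with
# netfilter, which is now code in an ordinary host process. The DHCP client on
# eth0 is an assumption; a static address works the same way.
guest_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip addr add $UML_GW/24 dev eth1
ip link set eth1 up
ip link set eth0 up
dhcpcd eth0
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

case "${1:-}" in
  host)  host_setup ;;     # on the host, as root
  uml)   uml_cmdline ;;    # print the command to start the guest as $UML_USER
  guest) guest_rules ;;    # print the commands to run inside the guest
esac
```

Run `DRY_RUN=1 sh umlfw.sh host` first to review the host-side changes, since the flush on the physical NIC drops the host's existing connectivity. Note what this does and does not isolate: the host kernel still runs the Ethernet and bridge layers for eth0 and the tap devices, so a bug there is still in kernel; what moves into the unprivileged UML process is IP routing, conntrack and the netfilter rules, which is the "remove all IP processing from eth0" split described above. Confining the UML process further (a container, seccomp, or a dedicated user with nothing but the taps and the disk image) is what keeps a compromised firewall from being more than a MITM of the host's traffic.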