On May 2, 2013, at 2:40 PM, Damien Miller <d...@mindrot.org> wrote:

> On Thu, 2 May 2013, Franco Fichtner wrote:
>> Moving implementations to user space does not necessarily make them
>> better or less of a problem.
> The big difference is that its possible to sandbox a userspace
> implementation so that small integer overflow bugs or length checking
> failures don't become arbitrary kmem reads or, worse, RCE.

OK, the implementation only pulls a couple of bytes from the packet's
payload.  It will never pull bytes that are not verified.  It will never
allocate anything.  It will never test against something that's neither
hard-coded nor available in the range of the approved payload.  It will
never return more than "unsigned int" with a number describing the
actual application.  It will never manipulate any input value, lest of
all the packet itself.  It will never run into endless loops. And I'll
gladly zap everything that could still considered be a potential risk.

Parsing TCP options is still more complex than what this particular DPI
code is supposed to be doing.  This comes from personal experience.  ;)

IMHO, the only issue that remains is a potentially unlimited number of
applications.  That's a strong point against the idea.


Reply via email to