On Thu, Jun 25, 2020 at 12:34 PM David Miller <davem@xxxxxxxxxxxxx> wrote:
>
> It's kernel code executing in userspace. If you don't trust the
> signed code you don't trust the signed code.
>
> Nothing is magic about a piece of code executing in userspace.
Well, there's one real issue: the most likely thing that code is going
to do is execute llvm to generate more code.
And that's I think the real security issue here: the context in which
the code executes. It may be triggered in one namespace, but what
namespaces and what rules should the thing actually then execute in.
So no, trying to dismiss this as "there are no security issues" is
bogus. There very much are security issues.
It's just that the current code that is just a dummy wrapper around
something that doesn't actually do anything doesn't happen to _show_
those issues, because it does nothing.
I've stayed away from this discussion because I wanted to see if it
went anywhere, but it doesn't seem to.
My personally strongest argument for remoiving this kernel code is
that it's been there for a couple of years now, and it has never
actually done anything useful, and there's no actual sign that it ever
will, or that there is a solid plan in place for it.
So to me, it really looks like it was an interesting idea, but one
that hasn't proven itself, and most certainly not one that has shown
itself to be the _right_ idea.
We can dance around the "what about security modules", but that
fundamental problem of "this code hasn't done anything useful for two
years and we don't even know if it's the right thing to do or what the
real security issues _will_ be" is I think the real issue here.
Hmm?
Linus
