Petr Tesařík <petr@xxxxxxxxxxx> writes: > On Fri, 16 Feb 2024 07:38:30 -0800 > Dave Hansen <dave.hansen@xxxxxxxxx> wrote: >> I'm confused by this. The kernel doesn't (appear to) have a PGP parser >> today. So are you saying that it *should* have one and it's only >> feasible if its confined in a sandbox? > > I'm sorry if this is confusing. Yes, your understanding is correct. > This patch series demonstrates that SBM (even in the initial version > that was submitted) allows to write a PGP parser which can survive > memory safety bugs withoug compromising the rest of the kernel. So I have a different question: some years ago we added the "usermode blob" feature for just this kind of use case - parsing firewall rules at the time. It has never been used for that, but it's still there in kernel/usermode_driver.c. Is there a reason why this existing functionality can't be used for tasks like PGP parsing as well? Thanks, jon
