On Sat, Jun 06, 2020 at 02:20:36PM -0500, Eric W. Biederman wrote:
>
> Tetsuo Honda recently noticed that the exec support of bpfilter is buggy.
> https://lore.kernel.org/linux-fsdevel/2a8775b4-1dd5-9d5c-aa42-9872445e0942@xxxxxxxxxxxxxxxxxxx/
>
> I agree with Al that Tetsuo's patch does not lend clarity to the code in
> exec. At a rough glance Tetsuo's patch does appear correct.
>
> There have been no replies from the people who I expect would be
> maintainers of the code. When I look at the history of the code all it
> appears to have received since it was merged was trivial maintenance
> updates. There has been no apparent work to finish fleshing out the
> code to do what it was aimed to do.
>
> Examining the code, the pid handling is questionable. The custom hook
> into do_exit might prevent it but it appears that shutdown_umh has every
> possibility of sending SIGKILL to the wrong process.
>
> The Kconfig documentation lists this code as experimental.
>
> The code only supports ipv4 not ipv6, another strong sign that this
> code has not been going anywhere.
>
> So as far as I can tell this bpfilter code was an experiment that did
> not succeed and now no one cares about it.
>
> So let's fix all of the bugs by removing the code.
>
> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> ---
>
> Kees, Tetsuo. Unless someone chimes in and says they care I will
> rebase this patch onto -rc1 to ensure I haven't missed something
> because of the merge window and send this to Linus.

NACKed-by: Alexei Starovoitov <ast@xxxxxxxxxx>

Please mention specific bugs and let's fix them.