Hacker News new | past | comments | ask | show | jobs | submit login

Thanks God, eBPF is a security nightmare as we saw with Spectre, they even got arrays now. and there is no infrastructure as with dtrace. Will compile it into my kernel for sure for proper dev work.



Doesn't this criticism apply to any software that opens a communications channel between the kernel and user space? Also, how does eBPF relate to Spectre?


Yes, but syscalls are properly designed. drivers are a huge problem, always have been. eBPF on the other hand lacks proper security design. They added it afterwards, to some extent.

> how does eBPF relate to Spectre?

Please read any spectre paper. Besides the known javascript attacks, eBPF is the easiest way to bypass kernel ASLR. google is your friend.


Why is the dtrace language not vulnerable in the same way?


Because dtrace does not have the security holes eBPF has right now. dtrace only enables a bit (e.g. only a hash, no arrays), eBPF on the other hand tries to disable the dangerous stuff, which is always a lost cause.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: