Date: Fri, 9 Aug 2013 16:44:37 -0400 From: Thor Lancelot Simon <tls@panix.com> To: Mindaugas Rasiukevicius <rmind@netbsd.org> Cc: tech-net@NetBSD.org, freebsd-net@freebsd.org, guy@alum.mit.edu, darrenr@NetBSD.org, Steven Bellovin <smb@cs.columbia.edu> Subject: Re: BPF_MISC+BPF_COP and BPF_COPX Message-ID: <20130809204436.GA3261@panix.com> In-Reply-To: <20130809203446.428A714A308@mail.netbsd.org> References: <20130804191310.2FFBB14A152@mail.netbsd.org> <5202693C.50608@netbsd.org> <20130807175548.1528014A21F@mail.netbsd.org> <5203535D.2040508@netbsd.org> <38CDC9BB-09C7-4241-8746-163BD15B80EC@cs.columbia.edu> <20130809203446.428A714A308@mail.netbsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Aug 09, 2013 at 09:34:25PM +0100, Mindaugas Rasiukevicius wrote: > Steven, > > Steven Bellovin <smb@cs.columbia.edu> wrote: > > There's a one-word summary: *assurance*. With the current design, > > it's easy to *know* what can happen. With a Turing-complete extension, > > it isn't. > > It is still easy and the concept itself is very simple. I mentioned that > this extension does not make byte-code Turing-complete and the rest is in > your control. Darren ignored it. Yes, but since the extension makes the program no longer consist solely of bytecode, it tends to give the impression that the program may now be, in total, in a Turing-complete language. It blurs the boundary between the program and its interpreter, by allowing the bytecode to directly call into the interpreter. Or am I missing something? I think what you want to do may be a good idea, in the end, but I do think it calls for what others are requesting: a real problem statement and an explanation of why the proposed solution is safer than it would at first appear. Thor
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130809204436.GA3261>