Administered by:
i think one of the most distasteful takes i've ever read is "eBPF is bad because it has a JIT which lets you seed kernel memory with gadgets"
yes, using the computer for the purpose i am using the computer for may allow a motivated attacker to misuse the computer. the solution for this isn't to log off and go live in a forest
infosec brain is incurable and terminal
Tired: BPF in userspace
Wired: Wasm in the kernel
@krans unironically
@whitequark Yes, I'm entirely serious
@whitequark I should add that my employer's infosec policies sometimes make me feel like logging off and going to live in a forest
@krans @whitequark services hadn’t considered this but yeah that (potentially) rules
@whitequark @krans sounds good. IIRC there is a validation stage when compiling eBPF Programms so these don't panic the whole kernel. Is such a thing possible with wasm as well?
