eunomia-bpf / bpftime

Userspace eBPF runtime for fast Uprobe & Syscall hook & Extensions with LLVM JIT
https://eunomia.dev/bpftime/
MIT License

vm: remove aot cache for security issues #227

Closed yunwei37 closed 4 months ago

yunwei37 commented 4 months ago

Description

Remove AOT file cache for security issues. We may need a better design for it.

Related to #155

Type of change

Officeyutong commented 4 months ago

What are the security issues?

yunwei37 commented 4 months ago

> What are the security issues?

The AOT code is stored in files and loaded without verification. If an attacker modifies the AOT code, they can do anything in the runtime.
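
One way to narrow the exposure described in the comment above, as an added example that is not bpftime's code and not part of the thread: before reading a cached AOT object, refuse any file that another account could have written. The name `open_trusted_aot_cache` and the ownership policy are assumptions; the check covers tampering by other users only and does not authenticate the file's contents.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not a bpftime API): open a cached AOT object only if
 * no other account could have written it. Returns a read-only descriptor,
 * or -1 if the file is rejected. */
int open_trusted_aot_cache(const char *path)
{
    /* O_NOFOLLOW: refuse a symlink planted at the cache path. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* fstat() the descriptor, not the path, so the checks apply to the
     * exact file that will be read (no check-then-open race). */
    struct stat st;
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||               /* regular files only */
        st.st_uid != geteuid() ||             /* must belong to the runtime's user */
        (st.st_mode & (S_IWGRP | S_IWOTH))) { /* not group- or world-writable */
        close(fd);
        return -1;
    }
    return fd; /* caller reads the AOT image from this descriptor */
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <aot-cache-file>\n", argv[0]);
        return 2;
    }
    int fd = open_trusted_aot_cache(argv[1]);
    printf("%s: %s\n", argv[1], fd >= 0 ? "accepted" : "rejected");
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```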

Officeyutong commented 4 months ago

> > What are the security issues?
>
> The AOT code is stored in files and loaded without verification. If an attacker modifies the AOT code, they can do anything in the runtime.

Seems the security level is the same as modifying things in memory

Officeyutong commented 4 months ago

Did you remove the AOT cli?