Rex is a safe kernel extension framework that allows Rust in the place of eBPF(github.com)
37 points by zdw 5 days ago | 4 comments
vlovich123 2 hours ago
As a lover of Rust, ooo boy does this sound like a bad idea. The Rust compiler is not guaranteed to always output safe code against malicious inputs given that there’s numerous known soundness bugs that allow exploiting this. Unless I’m missing something this is a security nightmare of an idea.

Also there’s reasons why eBPF programs aren’t allowed to run arbitrarily long and this just ignores that problem too.

pjmlp 1 hour ago
Fully agree.

If it has to be native code, it should live on user space, at very least.

benatkin 1 hour ago
In this comment someone tries to justify its design, citing a lwn article: https://github.com/rex-rs/rex/issues/2#issuecomment-26965339...
_flux 11 minutes ago
I think this is a fair take:

> We currently do not support unprivileged use case (same as BPF). Basically, Rex extensions are expected to be loaded by privileged context only.

As I understand it, in privileged context would be one where one is also be able to load new kernel modules, that also don't have any limitations, although I suppose the system could be configured otherwise as well for some reasons.

So this is like a more convenient way to inject kernel code at runtime than kernel modules or eBPF modules are, with some associated downsides (such as being less safe than eBPF; the question about non-termination seems apt at the end of the thread). It doesn't seem like they are targeting to actually put this into mainstream kernel, and I doubt it could really happen anyway..

NewJazz 1 hour ago
That's one aspect of the design. Again, complexity requirements are there for a reason. No explanation seen for why this eschews them.
24 minutes ago
bawolff 1 hour ago
> This approach avoids the overly restricted verification requirements (e.g., program complexity constraints)

Maybe i'm missing something, but isn't that a bad thing?

12 minutes ago
pjmlp 1 hour ago
Yes, very bad, even worse when coming from supposedly security conscious programming language community.
NewJazz 1 hour ago
They're not in the core language group... Do these people have influence in the stdlib, compiler, prominent libraries? Kernel community?

Why judge the whole Rust community for the choices made by one minor subgroup?

testdelacc1 29 minutes ago
It’s a common HN trope to generalise a “community” based on a handful of people or even just one person. “See this is why I dislike the xyz community”, says a person justifying their confirmation bias.

Perhaps the world is too complex without breaking it down into in-groups and out-groups, with any out-groups supposedly being completely homogenous. Pretty intellectually lazy but fairly common on HN, to the point where it’s not even worth calling out.

jacquesm 0 minutes ago
You may be correct but pjmlp is not one of those and if you had been here long enough you would have known that. You're the one creating an in-group here and putting yourself on the 'good' side. Perhaps that is too complex for you but I think it is intellectually lazy not to get who you're referring to before making comments such as these. Note that your strawman "See this is why I dislike the xyz community" wasn't part of this thread at all.
johnisgood 25 minutes ago
I mean, I was going to reply "take a wild guess" to him, but your message is correct, too.

(I may come across as an Ada zealot myself.)

29 minutes ago
dracarys18 1 hour ago
We need a way to run HolyC in the kernel
logicchains 1 hour ago
You can run HolyC in the kernel. Just not the Linux kernel.
wakawaka28 1 hour ago
These people just won't give up lol... Rust in the kernel is a terrible idea all around.
56 minutes ago