Skip to content

Need a bit clarity for creating eBPF and code replace filters #1

Description

@anilkyadav

Hi, Thanks for the work you guys have been doing.
It looks to be a useful tool to prevent the sitting duck devices from attacks until the secure patch is applied after a long time.
This tool looks very useful and I have few queries to clear out before using your work.

  1. Who will write the eBPF patches ?
    e.g. If I am going to use this tool in our ecosystem.
    i. For a hypothetical scenario suppose a CVE is detected and its fix was provided by the open source community. Now its eBPF patch should be implemented by open source people or the OEM team who is using the open-source ?
    ii. If open-source community has to write the eBPF patch then its an additional task for them and I am not sure if they will do it.
    iii. If OEM developer team has to implement the eBPF patch then they would required the skillsets to implement it which is not as simple. First, they have to understand the background of the issue, understanding of the library/source code, understanding of eBPF framework and of RapidPatch. Its not a small task. Please correct me if I have mentioned which is not correct in my understanding.
    iv. Is the eBPF and Code replace filters are generic in nature to handle that kind of defects appearing in future in some other libraries ?
    v. Do you suggest any way to automate the generation of eBPF and Code replace filters ?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions