Re: [RFC 0/8] PGP key parser using SandBox Mode

From: Dave Hansen
Date: Fri Feb 16 2024 - 10:42:30 EST


On 2/16/24 07:24, Petr Tesarik wrote:
> While I started working on my development branch to illustrate how
> SandBox Mode could be enhanced to allow dynamic memory allocation and
> other features necessary to convert some existing code, my colleague
> Roberto Sassu set out and adapted a PGP key parser to run in a sandbox.
>
> Disclaimer:
>
> The code had to be rearranged in order to avoid memory allocations
> and crypto operations in the sandbox. The code might contain errors.

I'm confused by this. The kernel doesn't (appear to) have a PGP parser
today. So are you saying that it *should* have one and it's only
feasible if it's confined in a sandbox?

A much more powerful example would be to take something that the kernel
has already and put it in a sandbox. That would show us how difficult
it is to sandbox something versus just doing it _normally_ in the kernel.

As it stands, I fear this was just the largest chunk of sandbox code
that was lying around and it seemed like a good idea to just chuck
~1400 lines of code over the wall at a huge cc list.

I'm not sure I want to see any more SandBox mode filling up my inbox.