Wireshark-dev: Re: [Wireshark-dev] Enabling linux kernel jit compiler from dumpcap?
From: Jakub Zawadzki <darkjames-ws@xxxxxxxxxxxx>
Date: Sat, 24 Aug 2013 00:16:02 +0200
On Thu, Aug 22, 2013 at 08:45:06PM +0200, Jakub Zawadzki wrote:
> On Thu, Aug 22, 2013 at 09:16:04AM -0700, Guy Harris wrote:
> > 
> > On Aug 22, 2013, at 4:46 AM, Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:
> > 
> > > Should we add code to enable the JIT compiler from dumpcap?
> > 
> > Should I add code to enable the JIT compiler to libpcap while I'm at it?
> > 
> > Should the Linux kernel folks enable it by default?
> > 
> > I'm inclined to answer "yes" to all three questions.  I think the FreeBSD JIT compiler is enabled by default. 
> > I'm surprised that the Linux one isn't.
> 
> Security issue: http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html

Also it's not perfect like BPF VM, check: https://lkml.org/lkml/2012/3/30/384a

Don't know if such instruction can happen in BPF filter generated by libpcap (Guy?).

If yes we should not enable in on kernels before it was fixed.