While this is an interesting project, I found following grating:
"Permissions without root
You don’t need root. Grant capabilities to SBCL:
sudo setcap cap_bpf,cap_perfmon+ep /usr/bin/sbcl
Now sbcl --load my-bpf-program.lisp works as your regular user. Tracepoint format files need chmod a+r to allow non-root compilation with deftracepoint."
That's obviously not ideal. Better might be to create a purpose-built image. Unlike perl, sbcl doesn't even pretend to care about security. Taint mode extension for sbcl, anybody?
very cool and the person has the skills to do that. sad to see how the fully AI generated "why this matters" section in the blog gives a lingering vibe of slop.
18 comments
I enjoyed reading up on his fiber implementation and dabbling with the Java compiler/runtime integration.
https://atgreen.github.io/repl-yell/posts/sbcl-fibers/
https://github.com/atgreen/openldk
Kudos Anthony - you make the world a more interesting place ;-)
I'm in danger of being nerd sniped.
"Permissions without root
You don’t need root. Grant capabilities to SBCL:
sudo setcap cap_bpf,cap_perfmon+ep /usr/bin/sbcl
Now sbcl --load my-bpf-program.lisp works as your regular user. Tracepoint format files need chmod a+r to allow non-root compilation with deftracepoint."
That's obviously not ideal. Better might be to create a purpose-built image. Unlike perl, sbcl doesn't even pretend to care about security. Taint mode extension for sbcl, anybody?