Date:	Wed, 14 Nov 2007 18:25:00 -0700
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Simon Horman <horms@...ge.net.au>
Cc:	Julian Anastasov <ja@....bg>, David Miller <davem@...emloft.net>,
	borntraeger@...ibm.com, netdev@...r.kernel.org,
	ebiederm@...ssion.com, wensong@...ux-vs.org
Subject: Re: [PATCH] IPVS: Fix sysctl warnings about missing strategy

Simon Horman <horms@...ge.net.au> writes:

> On Thu, Nov 15, 2007 at 02:38:32AM +0200, Julian Anastasov wrote:
>
> Hi Julian,
>
>> On Tue, 13 Nov 2007, Simon Horman wrote:
>
> [snip]
>
>> > As for the commented out entries. They are supposed to be exposed by
>> > some other means - I believe the thinking was to comply with the don't
>> > expose stuff in proc any more idea. Where is the best place to expose
>> > this kind of stuff?
>> 
>> 	I assume /proc/sys is still valid place, only sysctl interface
>> is scheduled for removal.
>
> I'm happy to add them there, so long as that is a good place.

For simple integer values /proc/sys (a la the ASCII sysctl interface)
seems as good as any to me.

The binary interface is problematic because it doesn't get used and
so we don't show proper discipline with binary integers leading to
silent ABI changes, and the actual implementation of the handler
routines gets out of sync with the proc side giving us different
meanings.

>> So, as long as these entries are not
>> accessible from sysctl it is safe to run without strategy handler but if
>> values can be changed then we will need strategy handler to
>> properly call update_defense_level() as done in proc_do_defense_mode()
>> as proc_handler. There could be side effects if new mode is not applied.
>
> I'm not sure what you are getting at there. I did write a strategy
> for update_defense_level(), but I didn't post it, as I thought that
> it would not be needed if CTL_UNNUMBERED is used.

Strategy routines are never called if CTL_UNNUMBERED is used.  So you
should be safe just killing the ctl_name field or setting it
explicitly to CTL_UNNUMBERED.

Eric
