Date:	Wed, 03 Mar 2010 15:33:01 +0100
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	"Zhu, Yi" <yi.zhu@...el.com>
Cc:	andrew hendry <andrew.hendry@...il.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: RE: [PATCH 8/8] x25: use limited socket backlog

On Wednesday, 03 March 2010 at 22:00 +0800, Zhu, Yi wrote:
> andrew hendry <andrew.hendry@...il.com> wrote:
> 
> > Will wait for the next spin and in the meantime think if there is a way
> > to test it. x25 with no loopback and being so slow probably can't generate the same
> > as your UDP case.
> 
> I didn't find a way to drop the packet correctly. So I didn't change any behavior in
> this patch. Nor did I do in the second spin. It will be fine if you also think x25 doesn't
> need to limit its backlog size.

So are we sure we can't flood X25 backlog, using X25 over IP?

You discovered a _fatal_ flaw in backlog processing, we should close all
holes, not only UDP case. You can be sure many bad guys will inspect all
possibilities to bring down Linux hosts.

If you feel uncomfortable with a small limit, just stick a big one, like
256 packets, and you are 100% sure you won't break a protocol. If this
limit happens to be too small, we can change it later.

(No need to count bytes, since truesize includes kernel overhead, and
this overhead depends on 32/64 wide of host and kernel versions)
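
A user-space model of the packet-count cap suggested in the message above, added here as an illustration; it is not kernel code and is not taken from the patch series or its authors. `struct sock_model`, `backlog_add` and `backlog_release` are hypothetical names; only the 256-packet figure comes from the message. It shows that a burst arriving while the socket owner is busy leaves at most 256 packets queued, with the rest dropped instead of accumulating in memory.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model, not kernel code; every name here is hypothetical. */
#define BACKLOG_LIMIT 256  /* packet-count cap suggested in the message */
struct pkt { struct pkt *next; };
struct sock_model {
    struct pkt *head, *tail;
    unsigned int backlog_len, dropped;  /* packets queued / refused */
};

/* Queue one packet (limit 0 = no cap). Returns 0 if queued, -1 if dropped. */
static int backlog_add(struct sock_model *sk, unsigned int limit)
{
    struct pkt *p = NULL;
    if (limit == 0 || sk->backlog_len < limit)
        p = calloc(1, sizeof(*p));
    if (!p) {  /* over the cap, or allocation failed */
        sk->dropped++;
        return -1;
    }
    if (sk->tail) sk->tail->next = p;
    else sk->head = p;
    sk->tail = p;
    sk->backlog_len++;
    return 0;
}

/* Owner releases the socket: drain and free the backlog, return the count. */
static unsigned int backlog_release(struct sock_model *sk)
{
    unsigned int n = 0;
    for (struct pkt *p = sk->head, *next; p; p = next, n++) {
        next = p->next;
        free(p);
    }
    sk->head = sk->tail = NULL;
    sk->backlog_len = 0;
    return n;
}

int main(void)
{
    struct sock_model sk = {0};
    for (int i = 0; i < 100000; i++)  /* burst while the owner is busy */
        backlog_add(&sk, BACKLOG_LIMIT);
    printf("queued=%u dropped=%u\n", sk.backlog_len, sk.dropped);
    return backlog_release(&sk) == BACKLOG_LIMIT ? 0 : 1;
}
```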

