| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 Jul 2010 06:18:07 -0700 From: Ben Greear <greearb@...delatech.com> To: Eric Dumazet <eric.dumazet@...il.com> CC: David Miller <davem@...emloft.net>, NetDev <netdev@...r.kernel.org> Subject: Re: [PATCH net-next-2.6] pktgen: Optionally leak kernel memory On 07/23/2010 10:23 PM, Eric Dumazet wrote: > Le vendredi 23 juillet 2010 à 16:14 -0700, Ben Greear a écrit : >> Some time back, someone added some memset() calls to pktgen to >> keep from leaking memory contents to the network. >> > > Well, someone might be me ;) > >> At least in our modified version of pktgen, this caused about 25% >> performance degradation when sending 1514 byte pkts (multi-pkt == 0) >> on a pair of 10G ports. It was easy enough to comment these memset >> calls out of course. >> >> I don't mind if this patch stays in, >> but thought I'd post my findings in case anyone else wonders why >> their pktgen slowed down... >> > > Thanks Ben > > Here is a patch adding a new pktgen flag, so that admins can choose > speed if they want to, if they dont use clone_skb to reduce skb setup > costs. It looks fine to me, though I have not actually tested it. > +Very fast mode > +============== > +One knob to get very fast pktgen is the UNSAFE flag : > + > +flag UNSAFE > + > +This ask to pktgen to not clear content of packets before sending them. > +Note this is a security problem, and should be used only if really needed. > +If packets are cloned (clone_skb 1000), clearing data cost is amortized so > +this UNSAFE mode is less interesting. I think most users of pktgen wouldn't be too concerned about leaking memory content to the network. It's a root-only test tool that can easily saturate most networks and do horrible things like overflow switch CAM tables by randomizing source/dest macs etc. So, this warning might could be a bit more descriptive of how it is a security problem "arbitrary contents of memory can be sent across the network and may be sniffed by devices on the network, potentially revealing private information such as passwords and application data for applications running on the machine running pktgen" instead of telling folks not to use it unless it's really needed. Thanks, Ben -- Ben Greear <greearb@...delatech.com> Candela Technologies Inc http://www.candelatech.com -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists