| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 12 Dec 2010 14:47:06 +0100
From: Pierre Ossman <pierre-list@...man.eu>
To: netdev@...r.kernel.org
Cc: "David S. Miller" <davem@...emloft.net>,
Alexey Kuznetsov <kuznet@....inr.ac.ru>,
"Pekka Savola (ipv6)" <pekkas@...core.fi>,
James Morris <jmorris@...ei.org>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
Patrick McHardy <kaber@...sh.net>
Subject: [RFC][PATCH] Export all RA options that we don't handle to
userspace
Second patch that exports everything. If noone objects to this model,
then merge the two patches and just use the commit message from the
second one.
Pros:
- Kernel doesn't need to be updated for every new RA option that might
show up.
Cons:
- Possible security issue if it requires less privilege to read these
netlink messages than to open a raw ICMPv6 socket.
- List of types the kernel is interested in is now in two places in the
code, creating a risk for getting out of sync. I tried to come up
with a structure that would prevent this, but couldn't think of
anything that wouldn't require large changes. Ideas welcome...
Rgds
--
-- Pierre Ossman
WARNING: This correspondence is being monitored by FRA, a
Swedish intelligence agency. Make sure your server uses
encryption for SMTP traffic and consider using PGP for
end-to-end encryption.
View attachment "0002-ipv6-give-userspace-all-RA-options-that-we-do-not-ca.patch" of type "text/x-patch" (2480 bytes)
Download attachment "signature.asc" of type "application/pgp-signature" (231 bytes)
Powered by blists - more mailing lists