Date:	Tue, 21 Jun 2011 13:46:45 -0700
From:	Randy Dunlap <randy.dunlap@...cle.com>
To:	Florian Westphal <fw@...len.de>
Cc:	Prarit Bhargava <prarit@...hat.com>, netdev@...r.kernel.org,
	davem@...emloft.net, agospoda@...hat.com, nhorman@...hat.com,
	lwoodman@...hat.com
Subject: Re: [PATCH]: Add Network Sysrq Support

On Tue, 21 Jun 2011 22:37:20 +0200 Florian Westphal wrote:

> Randy Dunlap <rdunlap@...otime.net> wrote:
> > > diff --git a/Documentation/networking/sysrq-ping.txt b/Documentation/networking/sysrq-ping.txt
> > > new file mode 100644
> > > index 0000000..efa8be3
> > > --- /dev/null
> > > +++ b/Documentation/networking/sysrq-ping.txt
> > > @@ -0,0 +1,26 @@
> > > +In some circumstances, a system can hang/lockup in such a way that the system
> > > +is completely unresponsive to keyboard or console input but is still
> > > +responsive to ping.  The config option, CONFIG_SYSRQ_PING, builds
> > > +net/ipv4/sysrq-ping.ko which allows a root user to configure the system for a
> > 
> > or it can be built-in the kernel image... (i.e., not a loadable module)
> > 
> > > +remote sysrq.
> > > +
> > > +To use this do:
> > > +
> > > +mount -t debugfs none /sys/kernel/debug/
> > > +echo 1 > /proc/sys/kernel/sysrq
> > > +echo <hex digit val> > /sys/kernel/debug/network_sysrq_magic
> > > +echo 1 > /sys/kernel/debug/network_sysrq_enable
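Review bot: The setup steps under "To use this do:" leave the security-relevant parameters undocumented. Writing 1 to /proc/sys/kernel/sysrq enables every SysRq function, so the text should mention that a restricted bitmask can be written instead and say which functions the remote trigger actually needs. The "hex digit val" placeholder is also ambiguous (one hex digit, or a hex string of some length?): document the accepted length and format of network_sysrq_magic and how the value is protected, since it is the only credential these lines show.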
> > 
> > so all of this (insecure) stuff has to be done before you suspect that
> > you need it .. in case the local keyboard/console is dead.
> 
> There is an xt_SYSREQ module in xtables-addons package (i.e., a
> netfilter target), it supports hashed passwords and has some sequence
> number scheme to avoid replays.
> 
> I think it would make more sense to merge that upstream, simply because
> it seems to be a bit more advanced...

in which case I would prefer this patch instead of a netfilter patch.  :)

---
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***