lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Jul 2011 22:15:40 +0900 From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> To: anton@...ba.org Cc: mjt@....msk.ru, davem@...emloft.net, casey@...aufler-ca.com, netdev@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. Anton Blanchard wrote: > > > When I saw recvmmsg()/sendmmsg() here, my first thought was an > > > authoritative DNS server which can read several requests at a > > > time and answer them all at once too - this way it all will go > > > to different addresses. > > > > I don't know what application wants sendmmsg(). Since users can send > > up to UIO_MAXIOV (= 1024) "struct iovec" blocks using sendmsg(), they > > will use sendmsg() rather than sendmmsg() if the destination address > > are the same. > > But if an application needs to maintain packet boundaries, then sendmsg > isn't going to help is it? Well, such application might want to use RDM or SeqPacket... but your point is to maintain packet boundaries. You are assuming that sendmmsg() will be used for sending as much data as possible while preserving packet boundaries. OK. Then, the question is how to reduce performance loss by redundant security_socket_sendmsg() calls. If sendmmsg() likely contains single (or few) destination(s), trying to optimize security_socket_sendmsg() calls by comparing destination address (as proposed at http://www.spinics.net/linux/fedora/linux-security-module/msg11510.html ) would help. Otherwise, no optimization (as proposed at http://www.spinics.net/linux/fedora/linux-security-module/msg11504.html ) would be better. Which approach do you like? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists