Date:	Sat, 7 Jul 2012 20:38:04 -0400
From:	Benjamin LaHaise <bcrl@...ck.org>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org, linux-ppp@...r.kernel.org
Subject: Re: [PATCH next-next] ppp: change default for incoming protocol filter to NPMODE_DROP

On Sat, Jul 07, 2012 at 04:15:04PM -0700, David Miller wrote:
> From: Benjamin LaHaise <bcrl@...ck.org>
> Date: Fri, 6 Jul 2012 13:28:00 -0400
> 
> > How about the following addition instead to provide a list of
> > protocols to disable?
> 
> The userspace programs must accommodate all existing kernels, so
> the addition of this feature is rather pointless.

It's not existing kernels that this guards against, but the use of older 
versions of the API users on new kernels that support additional protocols.  
I'm in the middle of porting a PPP stack to using the ppp_generic interface, 
and there is no way for me to prevent packet types for protocols which are 
newly added to the kernel from getting these new packet types leaked.  I 
came across this exactly because I was testing this case.  I suppose I can 
ignore the issue, but I'd prefer to get it right since it is technically a 
security hole that bypasses PPP session authentication.

		-ben
-- 
"Thought is the essence of where you are now."