Date:	Tue, 08 Jan 2013 13:28:26 -0500
From:	Vlad Yasevich <vyasevich@...il.com>
To:	Alex Elder <elder@...tank.com>
CC:	Florian Fainelli <florian@...nwrt.org>,
	Neil Horman <nhorman@...driver.com>, netdev@...r.kernel.org,
	David Miller <davem@...emloft.net>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-sctp@...r.kernel.org
Subject: Re: [PATCH v2] sctp: Change defaults on cookie hmac selection

On 01/08/2013 01:20 PM, Alex Elder wrote:
> On 01/08/2013 12:08 PM, Vlad Yasevich wrote:
>> On 01/08/2013 12:48 PM, Florian Fainelli wrote:
>>> On 01/07/13 17:39, Vlad Yasevich wrote:
>>>>>
>>>>>> Would that save all the config trouble?
>>>>>>
>>>>> Yes, it would fix it as Florian has noted, but at the cost of
>>>>> silently modifying
>>>>> what the default hmac config value is.  If you've expressly disabled
>>>>> SCTP_COOKIE_HMAC_MD5, and then blindly take the default choice in the
>>>>> SCTP_DEFAULT_COOKIE selection option (the default default as it
>>>>> were), using the
>>>>> approach you're suggesting, then that will silently enable
>>>>> SCTP_COOKIE_HMAC_MD5
>>>>> again, which may not be expected by users.  If you expressly have a
>>>>> config
>>>>> option disabled in an old configuration, we should leave it there.
>>>>
>>>> GACK.  Just reproduced this and I really don't like this infinite loop
>>>> of choice prompts.  That's a horrible bug and we need to fix this.
>>>>
>>>> I don't think overriding the value is that big of a deal, especially
>>>> considering that this is exactly what 'make menuconfig' and other
>>>> graphical configs will do.
>>>> If I start with:
>>>>      CONFIG_IP_SCTP=m
>>>>      CONFIG_NET_SCTPPROBE=m
>>>>      # CONFIG_SCTP_DBG_MSG is not set
>>>>      # CONFIG_SCTP_DBG_OBJCNT is not set
>>>>      # CONFIG_SCTP_HMAC_NONE is not set
>>>>      CONFIG_SCTP_HMAC_SHA1=y
>>>>      # CONFIG_SCTP_HMAC_MD5 is not set
>>>>
>>>> then run:
>>>>      yes "" | make oldconfig
>>>>
>>>> I get an infinite loop.
>>>>
>>>> If I run "make menuconfig", I get:
>>>>      CONFIG_IP_SCTP=m
>>>>      CONFIG_NET_SCTPPROBE=m
>>>>      # CONFIG_SCTP_DBG_MSG is not set
>>>>      # CONFIG_SCTP_DBG_OBJCNT is not set
>>>>      CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y
>>>>      # CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1 is not set
>>>>      # CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set
>>>>      CONFIG_SCTP_COOKIE_HMAC_MD5=y
>>>>      # CONFIG_SCTP_COOKIE_HMAC_SHA1 is not set
>>>>
>>>> Note, that SHA1 is now overridden with MD5.
>>>>
>>>> If I change the value of the default choice in Kconfig, the behavior
>>>> between oldconfig and menuconfig is the same.
>>>
>>> Right, the issue is as simple as there is no default *valid* config
>>> symbol being proposed. In any case Neil's patch changes both config
>>> symbol names such that they are non-existent when transitioning from a
>>> pre-3.8-rc config and a 3.8-rc config. The following patch fixes this
>>> for me:
>>>
>>>   From c8e277512bafafc009a3fbf889c78d6b6a06d5fa Mon Sep 17 00:00:00 2001
>>> From: Florian Fainelli <florian@...nwrt.org>
>>> Date: Mon, 7 Jan 2013 14:26:15 +0100
>>> Subject: [PATCH] sctp: fix typo in default SCTP cookie choice
>>>
>>> Commit 0d0863b0 (sctp: Change defaults on cookie hmac selection)
>>> introduced a choice configuration option to select the default SCTP
>>> cookie hashing algorithm, a typo was introduced for the default choice.
>>> This is an issue when running make oldconfig because an explicit choice
>>> number must be entered since no default is available. This patch fixes
>>> the typo, thus providing a valid default choice.
>>>
>>> Signed-off-by: Florian Fainelli <florian@...nwrt.org>
>>
>> Hi Florian
>>
>> Alex Elder already sent the patch that Neil and I both acked, but I see
>> that Alex never sent it to netdev (just checked the headers).
>>
>> Oh well...  this is the same change that Alex sent, so ACK, and now it
>> can get into the tree.
>>
>> Acked-by: Vlad Yasevich <vyasevich@...il.com>
>>
>> Alex, please be sure to CC your patches to netdev as well.
>
> Sorry, I just sent my messages to the addresses listed
> on the commit that introduced the problem this fixed.
>
> Linus already pulled in the patch.
>

I see.. Then this is a noop ;)

-vlad

> 					-Alex
>
>> Thanks
>> -vlad
>>
>>> ---
>>>    net/sctp/Kconfig |    2 +-
>>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
>>> index c262106..7521d94 100644
>>> --- a/net/sctp/Kconfig
>>> +++ b/net/sctp/Kconfig
>>> @@ -68,7 +68,7 @@ config SCTP_DBG_OBJCNT
>>>          If unsure, say N
>>>    choice
>>>        prompt "Default SCTP cookie HMAC encoding"
>>> -    default SCTP_COOKIE_HMAC_MD5
>>> +    default SCTP_DEFAULT_COOKIE_HMAC_MD5
>>>        help
>>>          This option sets the default sctp cookie hmac algorithm
>>>          when in doubt select 'md5'
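Review bot: the new `default SCTP_DEFAULT_COOKIE_HMAC_MD5` line is unconditional, so a pre-3.8-rc .config that had CONFIG_SCTP_HMAC_SHA1=y with MD5 unset resolves to MD5 as soon as the default is accepted, which is the override shown in the menuconfig output earlier in this thread. The commit message describes the change only as a typo fix; it should state that consequence, and the help text under the choice ("when in doubt select 'md5'") is the place to tell users coming from an older config to re-check the selected algorithm.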
>>
>
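
The override discussed in this thread can be checked for after a config upgrade. The script below is an added example, not part of the original message or of the kernel tree: it compares the cookie HMAC selected by an old and a new .config, using the symbol names quoted in the thread. The function names `sctp_hmac_of` and `sctp_hmac_drift` are hypothetical, and the two sample files are trimmed copies of the configurations quoted above.

```shell
#!/bin/sh
# Added example: compare the SCTP cookie HMAC chosen by two kernel .config files.

# Print md5, sha1, none or unset for one .config file.
# Old symbols: CONFIG_SCTP_HMAC_*; new symbols: CONFIG_SCTP_DEFAULT_COOKIE_HMAC_*.
# CONFIG_SCTP_COOKIE_HMAC_* only enables an algorithm, so it is not matched here.
sctp_hmac_of() {
    for alg in MD5 SHA1 NONE; do
        if grep -Eq "^CONFIG_SCTP_(DEFAULT_COOKIE_)?HMAC_${alg}=y\$" "$1"; then
            echo "$alg" | tr 'A-Z' 'a-z'
            return 0
        fi
    done
    echo unset
}

# Report whether the selection differs between an old and a new .config.
# Exit status 1 means the algorithm changed.
sctp_hmac_drift() {
    before=$(sctp_hmac_of "$1")
    after=$(sctp_hmac_of "$2")
    if [ "$before" = "$after" ]; then
        echo "unchanged: $after"
        return 0
    fi
    echo "changed: $before -> $after"
    return 1
}

# Sample input: the two configurations quoted in the thread, trimmed.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/old.config" <<'EOF'
CONFIG_IP_SCTP=m
# CONFIG_SCTP_HMAC_NONE is not set
CONFIG_SCTP_HMAC_SHA1=y
# CONFIG_SCTP_HMAC_MD5 is not set
EOF
cat > "$tmp/new.config" <<'EOF'
CONFIG_IP_SCTP=m
CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y
# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1 is not set
# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set
CONFIG_SCTP_COOKIE_HMAC_MD5=y
# CONFIG_SCTP_COOKIE_HMAC_SHA1 is not set
EOF
sctp_hmac_drift "$tmp/old.config" "$tmp/new.config" || true
```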
