lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Oct 2014 19:03:11 -0700 From: Andy Lutomirski <luto@...capital.net> To: David Miller <davem@...emloft.net> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Patrick McHardy <kaber@...sh.net>, Network Development <netdev@...r.kernel.org>, Thomas Graf <tgraf@...g.ch> Subject: Re: Netlink mmap tx security? On Tue, Oct 14, 2014 at 7:01 PM, David Miller <davem@...emloft.net> wrote: > From: Andy Lutomirski <luto@...capital.net> > Date: Tue, 14 Oct 2014 15:16:46 -0700 > >> It's at least remotely possible that there's something that assumes >> that assumes that the availability of NETLINK_RX_RING implies >> NETLINK_TX_RING, which would be unfortunate. > > I already found one such case, nlmon :-/ > > It also reminds me that I'll have to update > Documentation/networking/netlink_mmap.txt > > Thomas, the context is that we have to remove NETLINK_TX_RING support > (there is absolutely no way whatsoever to reliably keep some thread of > control from modifying the underlying pages while we parse and > validate the netlink request). > > I'd like to be able to do so while retaining NETLINK_RX_RING because > that works fine and is great for monitoring when the rate of events > is high. > > But I already have found userland pieces of code, like nlmon, which > assume that if one is present then both must be present. > > I really think this means I'll have to remove all of the netlink > mmap() support in order to prevent from breaking applications. :( > > The other option is to keep NETLINK_TX_RING, but copy the data into > a kernel side buffer before acting upon it. Option 3, which sucks but maybe not that badly: change the value of NETLINK_RX_RING. (Practically: add NETLINK_RX_RING2 or something like that.) --Andy -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists