lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 17 Nov 2015 19:56:08 -0800
From:	Tom Herbert <tom@...bertland.com>
To:	Lorenzo Colitti <lorenzo@...gle.com>
Cc:	Linux Kernel Network Developers <netdev@...r.kernel.org>,
	Eric Dumazet <edumazet@...gle.com>, Erik Kline <ek@...gle.com>,
	maze@...gle.com, dtor@...gle.com
Subject: Re: Add a SOCK_DESTROY operation to close sockets from userspace

On Tue, Nov 17, 2015 at 5:43 PM, Lorenzo Colitti <lorenzo@...gle.com> wrote:
> This patch series adds the ability for a privileged process to
> destroy sockets belonging to other userspace processes via the
> sock_diag interface, and implements that for TCP sockets.
>
> This functionality is needed on laptops and mobile hosts to
> ensure that network switches / disconnects do not result in
> applications being blocked for long periods of time (minutes) in
> read or connect calls on TCP sockets that will never succeed
> because the IP address they are bound to is gone. Closing the
> sockets in the protocol layer causes these calls to fail fast and
> allows applications to reconnect on another network.
>
> For many years Android kernels have done this via an out-of-tree
> SIOCKILLADDR ioctl that is called when networks disconnect, but
> this solution is cleaner, more robust and more flexible. The
> system can iterate over all connections on the deleted IP address
> and close all of them. But it can also close all sockets opened
> by a given process on a given network, for example if the user
> has restricted that process from using that network, or if a
> secure network such as a VPN is now being applied to the
> application and thus previously-established connections are
> blackholed.
>
> The patch series only implements SOCK_DESTROY for TCP sockets,
> but the mechanism can be extended to any protocol family that
> supports the sock_diag interface.
>
I assume that SIOCKILLADDR was restricted to only closing connections
related to add addresses going away, but SOCK_DESTROY seems to allow
arbitrarily killing connections without publicized cause. This
interface, even though it is for a privileged user, should be no more
powerful than it needs to be. Minimally, the application should get at
least get a clear error that the local host administratively killed
the connection, ETIMEDOUT does not provide that.

Tom

>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists