Date:   Thu, 23 Feb 2017 16:39:52 -0700
From:   David Ahern <dsa@...ulusnetworks.com>
To:     Stephen Hemminger <stephen@...workplumber.org>,
        netdev@...r.kernel.org
Subject: Re: [PATCH] iproute2: hide devices starting with period by default

On 2/23/17 12:50 PM, Stephen Hemminger wrote:
> Some use cases create Linux networking devices which are not intended for use
> by normal networking. This is an enhancement to ip command to hide network
> devices starting with period (like files in normal directory).  Interfaces whose
> names start with "." are not shown by default, and the -a (or -all) flag must
> be used to show these devices.

Agree that some devices need to be hidden by default -- not just from
users but also other processes.

This solution is very narrow, only affecting iproute2 users. Any other
programs that use netlink or /proc files will continue to see those devices.

I started a patch a year ago that allows devices to be marked as invisible
(attribute can be toggled at any time). Invisible devices do not show up
in netlink dumps, proc files or notifications. Netlink dumps can request
invisible devices to be included in a link dump. While it is more
intrusive, it is also more complete, covering all of the paths in which
the device shows up.

Also, changing the default behavior for iproute2 could break existing
users that have such device names.
