| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Apr 2017 10:52:26 -0400 (EDT)
From: David Miller <davem@...emloft.net>
To: adobriyan@...il.com
Cc: eric.dumazet@...il.com, steffen.klassert@...unet.com,
edumazet@...gle.com, netdev@...r.kernel.org
Subject: Re: [PATCH] net: move padding in struct skb_shared_info
From: Alexey Dobriyan <adobriyan@...il.com>
Date: Tue, 11 Apr 2017 12:41:08 +0300
> On Mon, Apr 10, 2017 at 5:43 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
>> On Mon, 2017-04-10 at 11:07 +0300, Alexey Dobriyan wrote:
>>> struct skb_shared_info {
>>> - unsigned short _unused;
>>> unsigned char nr_frags;
>>> __u8 tx_flags;
>>> unsigned short gso_size;
>>
>> Nack
>>
>> This exact placement was discussed at Netconf and Netdev.
>>
>> We had off-by-one errors in the past leading to nr_frags being mangled,
>> and some exploits were quite happy to use these bugs.
>>
>> Some shuffling in shared_info might help us to find other bugs, and give
>> more work to security researchers
>
> By this logic there should be redzone around every field in networking stack.
It is not a general rule, but a situation we specifically know about
here for this structure and how exploits are actively being coded.
I would like to politely ask that we don't strive so strongly for
"tree wide rules" that we fail to see the need for specific handling
in specific situations as is the case here.
Thank you.
Powered by blists - more mailing lists