| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Sep 2022 18:30:08 +0200
From: Petr Machata <petrm@...dia.com>
To: <Daniel.Machon@...rochip.com>
CC: <vladimir.oltean@....com>, <netdev@...r.kernel.org>,
<Allan.Nielsen@...rochip.com>, <UNGLinuxDriver@...rochip.com>,
<maxime.chevallier@...tlin.com>, <petrm@...dia.com>,
<kuba@...nel.org>, <vinicius.gomes@...el.com>,
<thomas.petazzoni@...tlin.com>
Subject: Re: [RFC PATCH net-next 2/2] net: dcb: add new apptrust attribute
<Daniel.Machon@...rochip.com> writes:
> Den Fri, Sep 09, 2022 at 12:29:50PM +0000 skrev Vladimir Oltean:
>
>> Let's say I have a switch which only looks at VLAN PCP/DEI if the bridge
>> vlan_filtering setting is enabled (otherwise, the switch is completely
>> VLAN unaware, including for QoS purposes).
>>
>> Would it be ok to report through ieee_getapptrust() that the PCP
>> selector is trusted when under a vlan_filtering bridge, not trusted when
>> not under a vlan_filtering bridge, and deny changes to ieee_setapptrust()
>> for the PCP selector? I see the return value is not cached anywhere
>> within the kernel, just passed to the user.
>
> Therefore, in your particular case, with the vlan_filtering on/off,
> yes that would be OK IMO. Any concerns?
Yeah, it would make sense to me. With the 802.1q bridge, the reported
trust level would be [PCP], with 802.1d it would be [].
As a service to the user, I would accept set requests that just reassert
the only valid configuration, but otherwise it sounds OK to me.
Powered by blists - more mailing lists