lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20131114204758.GA22417@redhat.com>
Date:	Thu, 14 Nov 2013 15:47:59 -0500
From:	Jay Fenlason <fenlason@...hat.com>
To:	David Miller <davem@...emloft.net>
Cc:	johunt@...mai.com, netdev@...r.kernel.org,
	venkat.x.venkatsubra@...cle.com, linux-kernel@...r.kernel.org,
	jjolly@...e.com, honli@...hat.com
Subject: Re: [PATCH] rds: fix local ping DoS

On Thu, Nov 14, 2013 at 02:03:55AM -0500, David Miller wrote:
> From: Josh Hunt <johunt@...mai.com>
> Date: Wed, 13 Nov 2013 17:15:43 -0800
> 
> > The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets
> > (RDS) protocol implementation allows local users to cause a denial of service
> > (BUG_ON and kernel panic) by establishing an RDS connection with the source
> > IP address equal to the IPoIB interface's own IP address, as demonstrated by
> > rds-ping.
> > 
> > A local unprivileged user could use this flaw to crash the system.
> > 
> > CVE-2012-2372
> > 
> > Reported-by: Honggang Li <honli@...hat.com>
> > Signed-off-by: Josh Hunt <johunt@...mai.com>
> 
> I'm sorry I can't apply this.  This commit message needs to be much
> less terse and explain things more.
> 
> First of all, why is the "off % RDS_FRAG_SIZE" important?
> 
> And, even more importantly, why is is OK to avoid this assertion just
> because we're going over loopback?
> 
> Furthermore, why doesn't net/rds/iw_send.c:rds_iw_xmit() have the same
> exact problem?  It makes the same exact assertion check.
> 
> I know this RDS code is a steaming pile of poo, but that doesn't mean
> we just randomly adjust assertions to make crashes go away without
> sufficient understanding of exactly what's going on.

And that is why rds should be moved to staging, where nobody will
accidentally think that it is actually being maintained.

			-- JF
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ