lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1425637010.2556.180.camel@jtkirshe-mobl>
Date:	Fri, 06 Mar 2015 02:16:50 -0800
From:	Jeff Kirsher <jeffrey.t.kirsher@...el.com>
To:	Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>
Cc:	"e1000-devel@...ts.sourceforge.net" 
	<e1000-devel@...ts.sourceforge.net>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"Choi, Sy Jong" <sy.jong.choi@...el.com>,
	Hayato Momma <h-momma@...jp.nec.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"ben@...adent.org.uk" <ben@...adent.org.uk>
Subject: Re: [PATCH v2] ixgbe: make VLAN filter conditional

On Fri, 2015-03-06 at 09:46 +0000, Hiroshi Shimamoto wrote:
> > On Fri, 2015-03-06 at 06:04 +0000, Hiroshi Shimamoto wrote:
> > > > From: Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>
> > > >
> > > > Disable hardware VLAN filtering if netdev->features VLAN flag is
> > > dropped.
> > > >
> > > > In SR-IOV case, there is a use case which needs to disable VLAN
> > > filter.
> > > > For example, we need to make a network function with VF in
> > > virtualized
> > > > environment. That network function may be a software switch, a
> > > router
> > > > or etc. It means that that network function will be an end point
> > > which
> > > > terminates many VLANs.
> > > >
> > > > In the current implementation, VLAN filtering always be turned on
> > > and
> > > > VF can receive only 63 VLANs. It means that only 63 VLANs can be
> > > terminated
> > > > in one NIC.
> > > >
> > > > With this patch, if the user turns VLAN filtering off on the host,
> > > VF
> > > > can receive every VLAN packet.
> > > >
> > > > This VLAN filtering can be turned on or off when SR-IOV is disabled,
> > > if not
> > > > the operation is rejected.
> > >
> > > Hi,
> > >
> > > any comment about this?
> > > I added a warning message and prevent operation during SR-IOV is
> > > enabled.
> > 
> > Yes, the warning message you added says nothing of the huge security
> > hole this exposes.  We need a message the correctly expresses the
> > dangers in turning this off.
> 
> hm okay.
> Do you mean I should add a message like "this causes SECURITY issue", right?

Correct, you will need to notify the user that by turning off VLAN
filtering, this opens up serious security issues.  The message should
well inform the user of the potential dangers, so that if someone gets
hacked or information gets stolen because they turning off VLAN
filtering, that is was due to their choice to turn off this feature and
not a design flaw in the driver.

> > 
> > Also it does not appear that you addressed Ben Hutchings concerns, as I
> > asked.  Correct me if I am wrong and you did address Ben's concerns.
> 
> I think Ben's suggestion is to prevent turn VLAN filtering back on during
> VFs are used because that breaks guest's behavior.
> I added the code that make it impossible. We cannot turn on (or off) if
> the NIC has VFs.

And notify them that one they turn it off, then cannot turn it back on
if the NIC has VFs, so they will remain exposed and will continue to
have serious security issues.

> 
> thanks,
> Hiroshi



Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ