lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20151112142717.7144e931@xeon-e3>
Date:	Thu, 12 Nov 2015 14:27:17 -0800
From:	Stephen Hemminger <stephen@...workplumber.org>
To:	"Jason A. Donenfeld" <Jason@...c4.com>
Cc:	Austin S Hemmelgarn <ahferroin7@...il.com>,
	David Miller <davem@...emloft.net>,
	LKML <linux-kernel@...r.kernel.org>,
	Netdev <netdev@...r.kernel.org>
Subject: Re: Is ndo_do_ioctl still acceptable?

On Thu, 12 Nov 2015 23:19:06 +0100
"Jason A. Donenfeld" <Jason@...c4.com> wrote:

> On Thu, Nov 12, 2015 at 9:30 PM, Austin S Hemmelgarn
> <ahferroin7@...il.com> wrote:
> >>
> > On the other hand, based on what you are saying about your device, it sounds
> > like you are working on some kind of cryptographically secured (either
> > authenticated or encrypted or both) tunnel, in which case the fact that
> > security is easier to handle with netlink than ioctls becomes important.  If
> > you can't ensure security of the endpoint configuration, you can't ensure
> > security of the tunnel itself.
> 
> Could you substantiate these claims that "security is easier to handle
> with netlink". I've never heard this and I don't know why it'd be the
> case. Are you referring to the fact that the copy_to/from_user dance
> of ioctl opens up more potential vulnerabilities than netlink's
> abstracted validation? Or something else? Just confused here...

It means that with netlink it possible to checks on field types and lengths
in generic manner. Ioctl's have the whole compat mess to deal with.
Also when using seccomp it is possible to write code to look at netlink
messages. With ioctl's that is much more difficult especially since the
same ioctl may have different meanings for each device type.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ