lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160716112632.GA7096@grep.be>
Date:	Sat, 16 Jul 2016 13:26:32 +0200
From:	Wouter Verhelst <w@...r.be>
To:	Pranay Srivastava <pranjas@...il.com>
Cc:	Alex Bligh <alex@...x.org.uk>,
	"nbd-general@...ts.sourceforge.net" 
	<nbd-general@...ts.sourceforge.net>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [Nbd] [PATCH 2/2] nbd: Disallow ioctls on disconnected block
 device

On Sat, Jul 16, 2016 at 03:38:40PM +0530, Pranay Srivastava wrote:
> Okay. So how about we include some negotiated key which goes in with every
> request which the server could maintain for clients that can be checked while
> resetting the connection with the same server?

Wut?

> So am I correct that this situation can
> indeed happen or the server will throw an error back to client in case
> the troubled
> nbd-client is trying to reconnect to the original server but requests
> are going to
> another server?
> 
> If yes to above query then what is the best effort we can do to avoid
> such scenarios?

Tell userspace not to do stupid things?

This isn't a problem. The kernel assumes that whatever userspace does,
once the connection is set up again everything's the way it was before.
If that's not true, then userspace is to blame, not kernel space.

Adding a "key" which we need to pass is going to make things wildly more
complicated for no benefit.

-- 
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
       people in the world who think they really understand all of its rules,
       and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ