lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170929082111.50e0c972@xeon-e3>
Date:   Fri, 29 Sep 2017 08:21:11 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     "Jason A. Donenfeld" <Jason@...c4.com>
Cc:     Netdev <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Daniel Kahn Gillmor <dkg@...thhorseman.net>
Subject: Re: netlink backwards compatibility in userspace tools

On Fri, 29 Sep 2017 12:22:42 +0200
"Jason A. Donenfeld" <Jason@...c4.com> wrote:

> Hi guys,
> 
> One handy aspect of Netlink is that it's backwards compatible. This
> means that you can run old userspace utilities on new kernels, even if
> the new kernel supports new features and netlink attributes. The wire
> format is stable enough that the data marshaled can be extended
> without breaking compat. Neat.
> 
> I was wondering, though, what you think the best stance is toward
> these old userspace utilities. What should they do if the kernel sends
> it netlink attributes that it does not recognize? At the moment, I'm
> doing something like this:
> 
> static void warn_unrecognized(void)
> {
>     static bool once = false;
>     if (once)
>         return;
>     once = true;
>     fprintf(stderr,
>         "Warning: this program received from your kernel one or more\n"
>         "attributes that it did not recognize. It is possible that\n"
>         "this version of wg(8) is older than your kernel. You may\n"
>         "want to update this program.\n");
> }
> 
> This seems like a somewhat sensible warning, but then I wonder about
> distributions like Debian, which has a long stable life cycle, so it
> frequently has very old tools (ancient iproute2 for example). Then,
> VPS providers have these Debian images run on top of newer kernels.
> People in this situation would undoubtedly see the above warning a lot
> and not be able to do anything about it. Not horrible, but a bit
> annoying. Is this an okay annoyance? Or is it advised to just have no
> warning at all? One idea would be to put it behind an environment
> variable flag, but I don't like too many nobs.
> 
> I'm generally wondering about attitudes toward this kind of userspace
> program behavior in response to newer kernels.
> 
> Thanks,
> Jason

I can not see a reason that such a warning is required.
Old utilities should just work fine, they just won't show or allow
setting attributes they don't understand.

Any netlink attributes that the tools do not recognize should just
be ignored.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ