lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <cafecbeb-7d4d-489c-177d-29fff78eb4d1@gmail.com> Date: Fri, 24 Sep 2021 19:57:19 -0600 From: David Ahern <dsahern@...il.com> To: Leonard Crestez <cdleonard@...il.com>, Dmitry Safonov <0x7f454c46@...il.com>, David Ahern <dsahern@...nel.org>, Shuah Khan <shuah@...nel.org> Cc: Eric Dumazet <edumazet@...gle.com>, "David S. Miller" <davem@...emloft.net>, Herbert Xu <herbert@...dor.apana.org.au>, Kuniyuki Iwashima <kuniyu@...zon.co.jp>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, Jakub Kicinski <kuba@...nel.org>, Yuchung Cheng <ycheng@...gle.com>, Francesco Ruggeri <fruggeri@...sta.com>, Mat Martineau <mathew.j.martineau@...ux.intel.com>, Christoph Paasch <cpaasch@...le.com>, Ivan Delalande <colona@...sta.com>, Priyaranjan Jha <priyarjha@...gle.com>, Menglong Dong <dong.menglong@....com.cn>, netdev@...r.kernel.org, linux-crypto@...r.kernel.org, linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 08/19] tcp: authopt: Disable via sysctl by default On 9/21/21 10:14 AM, Leonard Crestez wrote: > This is mainly intended to protect against local privilege escalations > through a rarely used feature so it is deliberately not namespaced. > > Enforcement is only at the setsockopt level, this should be enough to > ensure that the tcp_authopt_needed static key never turns on. > > No effort is made to handle disabling when the feature is already in > use. > MD5 does not require a sysctl to use it, so why should this auth mechanism?
Powered by blists - more mailing lists