lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6A9C1580-8B7B-42DB-B37A-A948F68E3FFF@oracle.com>
Date:   Thu, 1 Jun 2023 16:34:08 +0000
From:   Anjali Kulkarni <anjali.k.kulkarni@...cle.com>
To:     Jakub Kicinski <kuba@...nel.org>
CC:     "davem@...emloft.net" <davem@...emloft.net>,
        "edumazet@...gle.com" <edumazet@...gle.com>,
        "pabeni@...hat.com" <pabeni@...hat.com>,
        "zbr@...emap.net" <zbr@...emap.net>,
        "brauner@...nel.org" <brauner@...nel.org>,
        "johannes@...solutions.net" <johannes@...solutions.net>,
        "ecree.xilinx@...il.com" <ecree.xilinx@...il.com>,
        "leon@...nel.org" <leon@...nel.org>,
        "keescook@...omium.org" <keescook@...omium.org>,
        "socketcan@...tkopp.net" <socketcan@...tkopp.net>,
        "petrm@...dia.com" <petrm@...dia.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH v4 1/6] netlink: Reverse the patch which removed filtering



> On Jun 1, 2023, at 9:24 AM, Jakub Kicinski <kuba@...nel.org> wrote:
> 
> On Thu, 1 Jun 2023 16:15:31 +0000 Anjali Kulkarni wrote:
>>>> I don't have sufficient knowledge to review that code, sorry :(  
>>> 
>>> Is there anyone who can please help review this code? 
>>> Christian, could you please help take a look?
>> 
>> Gentle ping again - Christian could you please help review?
> 
> The code may have security implications, I really don't feel like I can
> be the sole reviewer. There's a bunch of experts working at Oracle,
> maybe you could get one of them to put their name on it? I can apply
> the patches, I just want to be sure I'm not the _only_ reviewer.

Thanks so much for your response. There is someone at Oracle who looked at this some time ago and is familiar enough with this to review the code - but he is not a kernel committer - he sends occasional patches upstream which get committed - would it be ok if he reviewed it along with you and then you could commit it? If you know of someone from Oracle who could also potentially review it, please let me know.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ