Message-Id: <20070425.131847.26277170.davem@davemloft.net>
Date: Wed, 25 Apr 2007 13:18:47 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: torvalds@...ux-foundation.org
Cc: kuznet@....inr.ac.ru, security@...nel.org, greg@...ah.com,
netdev@...r.kernel.org, jaco@...on.co.za
Subject: Re: [Security] [PATCH] infinite recursion in netlink
From: Linus Torvalds <torvalds@...ux-foundation.org>
Date: Wed, 25 Apr 2007 13:15:12 -0700 (PDT)
> If so, shouldn't we also have some safety-net to make sure it doesn't
> still get routed back forever, ie adding something like
>
> 	if (!pid) {
> 		skb_free(skb);
> 		return -EINVAL;
> 	}
>
> or similar? I don't know the netlink layer from a dolphin, but if the old
> code could cause infinite recursion, it sounds like the new code could too
> with the right pid, since the only change is the choice of pid.
Netlink pids are more like "port numbers" in the socket sense, do
not confuse them with process pids or similar.

The kernel explicitly assigns them to sockets, and zero is special.
The fact that the process pid of the socket creator is used as
an initial selection heuristic, is just that, a heuristic.

Alexey's fix is 100% the right way to go IMHO.
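
Added example, not part of the original message or of the patch under discussion: a userspace C sketch of the "port number" behaviour described above, in which one process binds two netlink sockets with nl_pid left at 0 and reads back the ids the kernel assigned. The helper names (nl_open_autobind, nl_two_ports) and the choice of NETLINK_ROUTE are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* Hypothetical helper: open a NETLINK_ROUTE socket, bind it with
 * nl_pid = 0 so the kernel chooses the port id, and read that id back.
 * Returns the fd, or -1 if netlink is unavailable. */
static int nl_open_autobind(unsigned int *portid)
{
	struct sockaddr_nl sa;
	socklen_t len = sizeof(sa);
	int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);

	if (fd < 0)
		return -1;
	memset(&sa, 0, sizeof(sa));
	sa.nl_family = AF_NETLINK;	/* nl_pid stays 0: kernel assigns */
	if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
	    getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
		close(fd);
		return -1;
	}
	*portid = sa.nl_pid;
	return fd;
}

/* Hypothetical helper: two sockets, same process, same protocol.
 * Both stay open until both ids are read, so the ids must differ.
 * Returns 0 on success, -1 if a socket could not be set up. */
int nl_two_ports(unsigned int *a, unsigned int *b)
{
	int fd1 = nl_open_autobind(a);
	int fd2 = fd1 < 0 ? -1 : nl_open_autobind(b);

	if (fd1 >= 0)
		close(fd1);
	if (fd2 >= 0)
		close(fd2);
	return (fd1 >= 0 && fd2 >= 0) ? 0 : -1;
}

int main(void)
{
	unsigned int a, b;

	if (nl_two_ports(&a, &b) < 0)
		return 1;
	printf("process pid %d, netlink port ids %u and %u\n",
	       (int)getpid(), a, b);
	return 0;
}
```

The two ids differ even though both sockets belong to one process, so a netlink pid cannot be read as a process identity; the first id usually matches the process pid only because of the selection heuristic mentioned above.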