Message-Id: <200707111544.43151.rdenis@simphalempin.com>
Date:	Wed, 11 Jul 2007 15:44:43 +0300
From:	Rémi Denis-Courmont <rdenis@...phalempin.com>
To:	YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@...ux-ipv6.org>
Cc:	davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH] IPv6: optionaly validate RAs on raw sockets

On Wednesday 11 July 2007 15:29:16 YOSHIFUJI Hideaki / 吉藤英明 wrote:
> In article <200707102111.18824@...uste.remlab.net> (at Tue, 10 Jul 2007 21:11:17 +0300), Remi Denis-Courmont <rdenis@...phalempin.com> says:
> > ICMPv6 Router Advertisements may now contain information that is
> > mostly of interest to userland. This currently mostly consists of
> > recursive DNS server addresses (though one should expect other
> > stuff to come).
>
> I really do not want to have such non-standard API in kernel.

I can only think of a very limited set of ways to extract options from RAs 
that the kernel currently ignores:

1) parse everything in kernel addrconf.c
2) validate RA in kernel, parse userland options in userland
3) parse everything in userland
4) do not support any option of interest to userland ever
5) userland and kernel do their own cooking separately

netdev folks already rejected (1) earlier. You just rejected (2) this instant. 
(3) implies removing addrconf from the kernel completely, which does not 
sound good, besides being a big waste. (4) means Linux is unusable on IPv6 
networks. And it's already been pointed out (5) was not safe/secure (userland 
may end up accepting something when it should not).

I might be missing something because I am a notoriously arrogant moron but it 
looks like Linux IPv6 is in a dead-end for the time being :-(

What do you propose then?

-- 
Rémi Denis-Courmont
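
An added example, not part of the original message and not kernel or project code: a sketch of what a userland reader of RAs has to repeat for itself under option (5), before it extracts an option such as the recursive DNS server list. The checks are the receiver-side validation rules of RFC 4861 section 6.1.2 and the option layout is RDNSS (type 25, RFC 8106); the function names and the sample packet are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: 16-byte RA header (checksum left zero) plus one RDNSS
 * option carrying 2001:db8::53, as received from fe80::1. */
const uint8_t sample_src[16] = { 0xfe, 0x80, 0,0,0,0,0,0, 0,0,0,0,0,0,0, 1 };
const uint8_t sample_ra[40] = {
    134, 0, 0, 0, 64, 0, 0x07, 0x08, 0,0,0,0, 0,0,0,0,   /* RA header */
    25, 3, 0, 0, 0, 0, 0x0e, 0x10,                       /* RDNSS, 3*8 bytes */
    0x20, 0x01, 0x0d, 0xb8, 0,0,0,0, 0,0,0,0, 0,0,0, 0x53 };

/* RFC 4861 6.1.2 checks. hop_limit and src must come from the socket
 * (ancillary data / source address), not from the payload. Assumption: the
 * ICMPv6 checksum was already verified by the kernel. */
static int ra_is_valid(const uint8_t *ra, size_t len, int hop_limit,
                       const uint8_t src[16])
{
    if (hop_limit != 255) return 0;                 /* crossed a router */
    if (src[0] != 0xfe || (src[1] & 0xc0) != 0x80) return 0; /* not fe80::/10 */
    if (len < 16 || ra[0] != 134 || ra[1] != 0) return 0;    /* type/code/size */
    for (size_t off = 16; off < len; ) {            /* every option must fit */
        if (len - off < 2) return 0;
        size_t optlen = (size_t)ra[off + 1] * 8;    /* length in 8-byte units */
        if (optlen == 0 || optlen > len - off) return 0;
        off += optlen;
    }
    return 1;
}

/* Copies up to max RDNSS addresses from a validated RA into out.
 * Returns the number copied, or -1 if the RA must be discarded. */
int ra_extract_rdnss(const uint8_t *ra, size_t len, int hop_limit,
                     const uint8_t src[16], uint8_t out[][16], int max)
{
    int n = 0;
    if (!ra_is_valid(ra, len, hop_limit, src)) return -1;
    for (size_t off = 16; off < len; off += (size_t)ra[off + 1] * 8) {
        size_t optlen = (size_t)ra[off + 1] * 8;
        if (ra[off] != 25 || optlen < 24) continue; /* not a usable RDNSS */
        for (size_t a = off + 8; a + 16 <= off + optlen && n < max; a += 16)
            memcpy(out[n++], ra + a, 16);
    }
    return n;
}

int main(void) {
    uint8_t dns[4][16];
    return ra_extract_rdnss(sample_ra, sizeof sample_ra, 255, sample_src, dns, 4) == 1 ? 0 : 1;
}
```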