| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Nov 2007 17:33:12 -0800 From: Simon Horman <horms@...ge.net.au> To: "Eric W. Biederman" <ebiederm@...ssion.com> Cc: Julian Anastasov <ja@....bg>, David Miller <davem@...emloft.net>, borntraeger@...ibm.com, netdev@...r.kernel.org, wensong@...ux-vs.org Subject: Re: [PATCH] IPVS: Fix sysctl warnings about missing strategy On Wed, Nov 14, 2007 at 06:25:00PM -0700, Eric W. Biederman wrote: > Simon Horman <horms@...ge.net.au> writes: > > > On Thu, Nov 15, 2007 at 02:38:32AM +0200, Julian Anastasov wrote: > > > > Hi Julian, > > > >> On Tue, 13 Nov 2007, Simon Horman wrote: > > > > [snip] > > > >> > As for the commented out entries. They are supposed to be exposed by > >> > some other means - I believe the thinking was to comply with the don't > >> > expose stuff in proc any more idea. Where is the best place to expose > >> > this kind of stuff? > >> > >> I assume /proc/sys is still valid place, only sysctl interface > >> is scheduled for removal. > > > > I'm happy to add them there, so long as that is a good place. > > For simple integer values /proc/sys (ala the ascii sysctl interface) > seems as good as any to me. Understood. > The binary interface is problematic because it doesn't get used and > so we don't show proper discipline with binary integers leading to > silent ABI changes, and the actual implementation of the handler > routines get out of sync with the proc side giving us different > meanings. > > >> So, as long as these entries are not > >> accessible from sysctl it is safe to run without strategy handler but if > >> values can be changed then we will need strategy handler to > >> properly call update_defense_level() as done in proc_do_defense_mode() > >> as proc_handler. There could be side effects if new mode is not applied. > > > > I'm not sure what you are getting at there. I did write a stratergy > > for update_defense_level(), but I didn't post it, as I thought that > > it would not be needed if CTL_UNNUMBERED is used. > > Strategy routines are never called if CTL_UNNUMBERED is used. So you > should be safe just killing the ctl_name field or setting it > explicitly to CTL_UNNUMBERED. Thanks Eric, thats more or less what I thought. -- Horms, California Edition - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists