lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200801030901.38962.paul.moore@hp.com>
Date:	Thu, 3 Jan 2008 09:01:37 -0500
From:	Paul Moore <paul.moore@...com>
To:	hadi@...erus.ca
Cc:	Jarek Poplawski <jarkao2@...il.com>, netdev@...r.kernel.org
Subject: Re: [RFC PATCH] NET: Clone the sk_buff->iif field properly

On Thursday 03 January 2008 6:23:22 am jamal wrote:
> On Thu, 2008-03-01 at 10:58 +0100, Jarek Poplawski wrote:
> > On 02-01-2008 17:01, Paul Moore wrote:
> > > This patch is needed by some of the labeled networking changes proposed
> > > for 2.6.25, does anyone have any objections?
> >
> > Probably Jamal could be the most interested (added to CC):
>
> Gracias Jarek.

Yes, thank you.  One of these days I need to learn some git commands other 
than clone, update, and push ;)

> Paul, (out of curiosity more than anything) what are the circumstances
> of the cloned skb - are you going to reinject it back at some point?

Well, I'm not planning on reinjecting the cloned skb at present (doesn't mean 
I won't think up some contrived use in the future) but the stack appears to 
do this already in a few cases and it is causing problems when we try to 
perform access control on the cloned skb.  The git-lblnet "horkage" in 
the -mm tree just before the holiday is the most notable example.

> I cant think of any good reason why iif shouldnt be copied - thats how
> its been from the begining (dammit;->). The reason it hasnt mattered so
> far is everything that needs to write the iif never copied (refer to
> Documentation/networking/tc-actions-env-rules.txt). For correctness i
> think it should be copied. So no objections;

Great.

> The better patch would be to just put it in skb_clone and remove it from
> tc_act_clone.

I assume you mean skb_act_clone()?  That sounds like the best idea, I'll fixup 
the patch and resend it today for more review.

Thanks guys.

-- 
paul moore
linux security @ hp
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ