| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200804241826.52507.rdenis@simphalempin.com> Date: Thu, 24 Apr 2008 18:26:52 +0300 From: Rémi Denis-Courmont <rdenis@...phalempin.com> To: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@...ux-ipv6.org> Cc: davem@...emloft.net, ellre923@...il.com, wangchen@...fujitsu.com, netdev@...r.kernel.org Subject: Re: [PATCH] RAW6: Do not allow set IPV6_CHECKSUM for ICMPv6 socket Le Thursday 24 April 2008 15:19:53 YOSHIFUJI Hideaki / 吉藤英明, vous avez écrit : > RFC3542 discusses about IPPROTO_IPV6 level IPV6_CHECKSUM socket option > only. IPPROTO_RAW level IPV6_CHECKSUM socket option is undocumented Linux > extension. So, we are free to choose allowing setting that option on > ICMPv6 socket as we have been doing. I wonder why RFC3542 forbids the contentious case. Is it a security consideration, that userland should not be allowed to create bogus ICMPv6 packets (IPV6_CHECKSUM can be set after dropping root after opening a raw socket, right?), or is it just some random IETF folklore ?? I'd note that my ndisc6 package does call setsockopt(SOL_IPV6, ICMPV6_CHECKSUM). Fortunately, it does not check for error values, so I don't really care if this is changed. -- Rémi Denis-Courmont http://www.remlab.net/ -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists