| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Oct 2008 19:07:39 +0200 From: Willy Tarreau <w@....eu> To: David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org Subject: Re: [PATCH] add a sysctl to disable TCP simultaneous connection opening On Wed, Oct 08, 2008 at 09:42:12AM -0700, David Miller wrote: > > I'm not really interested in applying this. OK. > You can make the same argument for just about any queer corner case > aspect of TCP. Not exactly since there are very few corner cases not conditionned by guessing a 32-bit sequence number, and this one certainly is. > The world hasn't ended even though this patch hasn't applied since > 2005 Oh don't take me wrong. I'm pretty much convinced this is not critical at all. It's just that it's a tempting attack vector for an easy DoS proof of concept relying on a feature not even usable today. > and that's a good argument to not apply "yet another random knob" > to the kernel. OK for the random knob. If you feel comfortable with a patch to simply remove the feature, I can send you such a patch too. BTW, the strange netstat output I got also shows that the code paths involved to support this feature are not much exercised, which would be another argument to disable it. Anyway, I'm not trying to put any pressure. I can continue to live with the ifdef patch in my trees. I just wanted to get your opinion on this one since the discussion I initiated about it in 2005 brought to nowhere. Regards, Willy -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists