lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20100703234813.GJ24655@chipmunk>
Date:	Sun, 4 Jul 2010 00:48:13 +0100
From:	Alexander Clouter <alex@...riz.org.uk>
To:	Philip Prindeville <philipp_subx@...fish-solutions.com>
Cc:	netdev@...r.kernel.org
Subject: Re: setsockopt(IP_TOS) being privileged or distinct capability?

Hi,

* Philip Prindeville <philipp_subx@...fish-solutions.com> [2010-07-03 17:07:52-0600]:
>
> On 7/3/10 12:55 PM, Alexander Clouter wrote:
>>    
>>> Does anyone else think that setsockopt(IP_TOS) should be a privileged
>>> operation, perhaps using CAP_NET_ADMIN, or maybe even adding separate
>>> granularity as CAP_NET_TOS?
>>>
>>>      
>> I really would prefer not having to run telnet and ssh *clients* as
>> root. :)
>
> Don't ping and traceroute -I currently run as root?
>
Indeed, but I have no idea what that has to do with ToS/DSCP flags?

ping and (old skool) traceroute use ICMP where you need to open a 
privileged socket; to send and receive ICMP packets.  Opening a UDP/TCP 
is an unprivileged operation and so is setsockopt(IP_TOS).

I'm guessing, if you excuse me Google-stalking you), this is all linked 
to:

https://bugzilla.mindrot.org/show_bug.cgi?id=1733

You have to bear in mind ToS is a marking that userland can utilise to 
request that the network provides it with a particular QoS, this does 
not mean for an instant the network has to honour that (I know my ISP 
does not and neither does my work network I sysadmin for)...otherwise 
nothing would stop me using:

iptables -t mangle -I POSTROUTING -j DSCP --set-dscp-class EF

QoS is meaningless unless you place boundaries on the policies; the 
ToS/DSCP marking should only be used as a *hint* for classification of 
traffic flows.

For example, 'interactive' and 'low latency' (in the case of SSH or 
telnet) should not exceed 10kB/s...unless you like to play 0verkill :)  
Anything marking it's traffic as interactive but shutting traffic at 
500kB/s is obviously telling lies.  If you build your policing rules to 
blindly accept whatever is in the ToS/DSCP field, you are configuring a 
DoS vector on your network.

Cheers

-- 
Alexander Clouter
.sigmonster says: A rolling stone gathers momentum.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ