Message-ID: <4D62DD5D.2040902@ka9q.net>
Date:	Mon, 21 Feb 2011 13:47:09 -0800
From:	Phil Karn <karn@...q.net>
To:	Brent Cook <bcook@...akingpoint.com>
CC:	Michał Mirosław <mirqus@...il.com>,
	Eric Dumazet <eric.dumazet@...il.com>,
	richard -rw- weinberger <richard.weinberger@...il.com>,
	kaber@...sh.net, netdev@...r.kernel.org
Subject: Re: Off-by-one error in net/8021q/vlan.c

On 2/21/11 11:26 AM, Brent Cook wrote:

>> Allowing it but with a big fat warning in logs is even better: "You
>> want your network broken? Sure, can do, but you have been warned."

*By all means* have vconfig issue a warning for 4095 just as it already
does for vlan 1.

As I explained, the only reason I wanted to do this was to talk to a
piece of equipment that had been misconfigured to use vlan 4095 so I
could fix it. At the time I was using a newly built Linux system running
off a live CD, and only it had a physical network connection to the
device I was trying to fix.

I'm reminded of the classic example of an airliner that is so "smart"
and "idiot proof" that it always disallows a throttle setting that might
shorten the life of the engines.

The designers hadn't considered the possibility that such a setting
might be necessary to avoid a crash that, too, shortens engine life.

The obvious answer is to allow it but make sure he knows what he's
doing. So it takes noticeably more force to push the handles past the
safe limits, but it can be done if you really want to.

So if an airliner allows a command that might cause costly engine
damage, I think Linux can allow a command that violates a usage
convention written in a spec. With a warning, of course.