Message-ID: <CANP3RGfdimCqGL=kdVQdYY0KHqVuVL3CL6arRh3EhdNhyrv9cw@mail.gmail.com>
Date:	Mon, 24 Oct 2011 22:07:20 -0700
From:	Maciej Żenczykowski <zenczykowski@...il.com>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCH] net: allow CAP_NET_RAW to setsockopt SO_PRIORITY

> SO_PRIORITY influences the packet scheduler and internal
> queueing policies, not just the packet contents that hit
> the wire.
>
> Thus CAP_NET_ADMIN is the appropriate capability check.

I can certainly see why you would think that, but:

A raw socket can already spew traffic, i.e. packets, with any content.
This includes VLAN tags and IPv4 TOS field, and IPv6 TCLASS field.
These are the fields used for packet prioritization at switches and in
the rest of the network fabric.

AFAICT, it makes no sense to allow a raw socket to prioritize traffic
outside of the host, but not allow it to prioritize traffic in the host.

- Maciej