lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Sat, 7 Jul 2012 20:38:04 -0400
From:	Benjamin LaHaise <bcrl@...ck.org>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org, linux-ppp@...r.kernel.org
Subject: Re: [PATCH next-next] ppp: change default for incoming protocol filter to NPMODE_DROP

On Sat, Jul 07, 2012 at 04:15:04PM -0700, David Miller wrote:
> From: Benjamin LaHaise <bcrl@...ck.org>
> Date: Fri, 6 Jul 2012 13:28:00 -0400
> 
> > How about the following addition instead to provide a list of
> > protocols to disable?
> 
> The userspace programs must accomodate all existing kernels, so
> the addition of this feature is rather pointless.

It's not existing kernels that this guards against, but the use of older 
versions of the API users on new kernels that support additional protocols.  
I'm in the middle of porting a PPP stack to using the ppp_generic interface, 
and there is no way for me to prevent packet types for protocols which are 
newly added to the kernel from getting these new packet types leaked.  I 
came across this exactly because I was testing this case.  I suppose I can 
ignore the issue, but I'd prefer to get it right since it is technically a 
security hole that bypasses PPP session authentication.

		-ben
-- 
"Thought is the essence of where you are now."
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists