lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20121019201430.GI17417@1wt.eu>
Date:	Fri, 19 Oct 2012 22:14:31 +0200
From:	Willy Tarreau <w@....eu>
To:	David Miller <davem@...emloft.net>
Cc:	bcrl@...ck.org, stable@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [stable 2.6.32.y PATCH 0/6] net: fixes for cached dsts are never invalidated

On Fri, Oct 19, 2012 at 04:07:11PM -0400, David Miller wrote:
> From: Willy Tarreau <w@....eu>
> Date: Fri, 19 Oct 2012 22:03:18 +0200
> 
> > On Fri, Oct 19, 2012 at 04:01:04PM -0400, David Miller wrote:
> >> From: Willy Tarreau <w@....eu>
> >> Date: Fri, 19 Oct 2012 21:55:57 +0200
> >> 
> >> > On Fri, Oct 19, 2012 at 03:49:30PM -0400, David Miller wrote:
> >> >> 
> >> >> How about checking if these changes are already in 3.0/3.2/etc. or not
> >> >> before asking such questions?
> >> > 
> >> > Because I didn't find the patches in 3.0 and Ben said he backported them
> >> > from 3.6, I think these are two valid reasons to ask, no ?
> >> 
> >> Well, the thing is, I personally don't consider them appropriate for
> >> 3.x.y -stable backports, and that's why I haven't submitted them.
> > 
> > OK. Is is because the issue is less important there or because the fix are
> > more risky than the issues they fix (or any other reason) ?
> 
> I have a different opinion about the risk/benefit ratio than Ben does.
> 
> I do not think these cases are important enough to enough people to
> justify -stable inclusion at all.

OK, thanks for the precision.

So maybe in the end we should just merge d11a4dc18 that Ben found to be
the least invasive one fixing the issues, and we'd be in sync with the
rest of the stable branches, even if, as you noted a few days ago, it's
only a partial fix for the issue.

Ben, what's your opinion on this ? I know it's never fun to do backports
and not merge them later, but I trust David more than anyone else on the
network part, so if he decided that while incomplete, the patch above
was all that was needed for other stable branches, maybe we should just
stay on the safe side and do the same ?

Willy

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ