| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 02 Nov 2012 11:02:50 -0400
From: Brian Haley <brian.haley@...com>
To: Pavel Emelyanov <xemul@...allels.com>
CC: David Miller <davem@...emloft.net>,
Eric Dumazet <eric.dumazet@...il.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next] sockopt: Change getsockopt() of SO_BINDTODEVICE
to return an interface name
On 11/02/2012 05:36 AM, Pavel Emelyanov wrote:
>> +static int sock_getbindtodevice(struct sock *sk, char __user *optval,
>> + int __user *optlen, int len)
>> +{
>> + int ret = -ENOPROTOOPT;
>> +#ifdef CONFIG_NETDEVICES
>> + struct net *net = sock_net(sk);
>> + struct net_device *dev;
>> + char devname[IFNAMSIZ];
>> +
>> + if (sk->sk_bound_dev_if == 0) {
>> + len = 0;
>> + goto zero;
>> + }
>> +
>> + ret = -EINVAL;
>> + if (len < IFNAMSIZ)
>> + goto out;
>> +
>> + rcu_read_lock();
>> + dev = dev_get_by_index_rcu(net, sk->sk_bound_dev_if);
>> + if (dev)
>> + strcpy(devname, dev->name);
>
> This still races with the device name change, potentially providing
> a name which never existed in the system, doesn't it?
My only argument here is that SIOCGIFNAME has had this same code forever, and
noone has ever complained about that returning a garbled name. Even
dev_get_by_name() only holds an rcu lock when doing a strncmp().
We'd need to audit the whole kernel to catch all the places where we potentially
look at dev->name while it could change. Is it really worth it?
-Brian
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists