Message-ID: <50EC6378.7020505@inktank.com>
Date:	Tue, 08 Jan 2013 12:20:40 -0600
From:	Alex Elder <elder@...tank.com>
To:	Vlad Yasevich <vyasevich@...il.com>
CC:	Florian Fainelli <florian@...nwrt.org>,
	Neil Horman <nhorman@...driver.com>, netdev@...r.kernel.org,
	David Miller <davem@...emloft.net>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-sctp@...r.kernel.org
Subject: Re: [PATCH v2] sctp: Change defaults on cookie hmac selection

On 01/08/2013 12:08 PM, Vlad Yasevich wrote:
> On 01/08/2013 12:48 PM, Florian Fainelli wrote:
>> On 01/07/13 17:39, Vlad Yasevich wrote:
>>>>
>>>>> Would that save all the config trouble?
>>>>>
>>>> Yes, it would fix it as Florian has noted, but at the cost of
>>>> silently modifying
>>>> what the default hmac config value is.  If you've expressly disabled
>>>> SCTP_COOKIE_HMAC_MD5, and then blindly take the default choice in the
>>>> SCTP_DEFAULT_COOKIE selection option (the default default as it
>>>> were), using the
>>>> approach you're suggesting, then that will silently enable
>>>> SCTP_COOKIE_HMAC_MD5
>>>> again, which may not be expected by users.  If you expressly have a
>>>> config
>>>> option disabled in an old configuration, we should leave it there.
>>>
>>> GACK.  Just reproduced this and I really don't like this infinite loop
>>> of choice prompts.  That's a horrible bug and we need to fix this.
>>>
>>> I don't think overriding the value is that big of a deal, especially
>>> considering that this is exactly what 'make menuconfig' and other
>>> graphical configs will do.
>>> If I start with:
>>>     CONFIG_IP_SCTP=m
>>>     CONFIG_NET_SCTPPROBE=m
>>>     # CONFIG_SCTP_DBG_MSG is not set
>>>     # CONFIG_SCTP_DBG_OBJCNT is not set
>>>     # CONFIG_SCTP_HMAC_NONE is not set
>>>     CONFIG_SCTP_HMAC_SHA1=y
>>>     # CONFIG_SCTP_HMAC_MD5 is not set
>>>
>>> then run:
>>>     yes "" | make oldconfig
>>>
>>> I get an infinite loop.
>>>
>>> If I run "make menuconfig", I get:
>>>     CONFIG_IP_SCTP=m
>>>     CONFIG_NET_SCTPPROBE=m
>>>     # CONFIG_SCTP_DBG_MSG is not set
>>>     # CONFIG_SCTP_DBG_OBJCNT is not set
>>>     CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y
>>>     # CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1 is not set
>>>     # CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set
>>>     CONFIG_SCTP_COOKIE_HMAC_MD5=y
>>>     # CONFIG_SCTP_COOKIE_HMAC_SHA1 is not set
>>>
>>> Note, that SHA1 is now overridden with MD5.
>>>
>>> If I change the value of the default choice in Kconfig, the behavior
>>> between oldconfig and menuconfig is the same.
>>
>> Right, the issue is as simple as there is no default *valid* config
>> symbol being proposed. In any case Neil's patch changes both config
>> symbol names such that they are non-existent when transitioning from a
>> pre-3.8-rc config and a 3.8-rc config. The following patch fixes this
>> for me:
>>
>>  From c8e277512bafafc009a3fbf889c78d6b6a06d5fa Mon Sep 17 00:00:00 2001
>> From: Florian Fainelli <florian@...nwrt.org>
>> Date: Mon, 7 Jan 2013 14:26:15 +0100
>> Subject: [PATCH] sctp: fix typo in default SCTP cookie choice
>>
>> Commit 0d0863b0 (sctp: Change defaults on cookie hmac selection)
>> introduced a choice configuration option to select the default SCTP
>> cookie hashing algorithm, a typo was introduced for the default choice.
>> This is an issue when running make oldconfig because an explicit choice
>> number must be entered since no default is available. This patch fixes
>> the typo, thus providing a valid default choice.
>>
>> Signed-off-by: Florian Fainelli <florian@...nwrt.org>
> 
> Hi Florian
> 
> Alex Elder already sent the patch that Neil and I both acked, but I see
> that Alex never sent it to netdev (just checked the headers).
> 
> Oh well...  this is the same change that Alex sent, so ACK, and now it
> can get into the tree.
> 
> Acked-by: Vlad Yasevich <vyasevich@...il.com>
> 
> Alex, please be sure to CC your patches to netdev as well.

Sorry, I just sent my messages to the addresses listed
on the commit that introduced the problem this fixed.

Linus already pulled in the patch.

					-Alex

> Thanks
> -vlad
> 
>> ---
>>   net/sctp/Kconfig |    2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
>> index c262106..7521d94 100644
>> --- a/net/sctp/Kconfig
>> +++ b/net/sctp/Kconfig
>> @@ -68,7 +68,7 @@ config SCTP_DBG_OBJCNT
>>         If unsure, say N
>>   choice
>>       prompt "Default SCTP cookie HMAC encoding"
>> -    default SCTP_COOKIE_HMAC_MD5
>> +    default SCTP_DEFAULT_COOKIE_HMAC_MD5
>>       help
>>         This option sets the default sctp cookie hmac algorithm
>>         when in doubt select 'md5'
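Review bot: the help text under the corrected "default" line, and the commit message, do not say what happens to a pre-3.8-rc config that selected SHA1. The menuconfig output quoted earlier in this thread shows a config that started with CONFIG_SCTP_HMAC_SHA1=y and MD5 unset ending up with CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y, and with a valid default in place "yes "" | make oldconfig" will take the same MD5 choice without stopping. Suggest one sentence in the help text or the commit message stating that the old SCTP_HMAC_* selection is not carried over, so anyone who disabled MD5 deliberately knows to re-check the cookie HMAC choice after updating their config.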
> 
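
A check for the class of bug this thread fixes, as an added example that is not part of the original messages or the kernel tree: it flags a Kconfig choice whose default names a symbol that is not one of the choice's members. The function name, the member prompts and the sample text are constructed for illustration, modelled on the symbol names quoted in the thread.

```python
# Constructed sample modelled on the choice block in the quoted hunk; the
# member entries and their prompts are assumptions, not the kernel's text.
BROKEN_KCONFIG = """\
choice
    prompt "Default SCTP cookie HMAC encoding"
    default SCTP_COOKIE_HMAC_MD5
    help
      This option sets the default sctp cookie hmac algorithm
      when in doubt select 'md5'

config SCTP_DEFAULT_COOKIE_HMAC_MD5
    bool "MD5 (constructed prompt)"
config SCTP_DEFAULT_COOKIE_HMAC_SHA1
    bool "SHA1 (constructed prompt)"
config SCTP_DEFAULT_COOKIE_HMAC_NONE
    bool "none (constructed prompt)"
endchoice
"""
FIXED_KCONFIG = BROKEN_KCONFIG.replace(
    "default SCTP_COOKIE_HMAC_MD5", "default SCTP_DEFAULT_COOKIE_HMAC_MD5")


def dangling_choice_defaults(kconfig_text):
    """Return (line_no, symbol) for each choice default that names no member."""
    findings = []
    in_choice = in_help = False
    defaults, members = [], set()
    for no, raw in enumerate(kconfig_text.splitlines(), 1):
        line = raw.strip()
        word = line.split(None, 1)[0] if line else ""
        if word in ("choice", "config", "menuconfig", "endchoice"):
            in_help = False  # a new entry ends any help text
        if in_help:
            continue  # free text: never parse it as Kconfig statements
        if word == "choice":
            in_choice, defaults, members = True, [], set()
        elif word == "endchoice":
            findings += [(n, s) for n, s in defaults if s not in members]
            in_choice = False
        elif not in_choice:
            continue
        elif word == "config":
            members.add(line.split()[1])
        elif word == "default" and not members:
            # choice-level default; for "default SYM if COND" keep only SYM
            defaults.append((no, line.split()[1]))
        elif word in ("help", "---help---"):
            in_help = True
    return findings
```

Run over a tree's Kconfig files, a non-empty result points at a choice that "make oldconfig" cannot answer with an empty line.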
