| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Apr 2013 13:55:01 -0700 From: Eric Dumazet <eric.dumazet@...il.com> To: Paul Moore <pmoore@...hat.com> Cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org, mvadkert@...hat.com Subject: Re: [PATCH] tcp: assign the sock correctly to an outgoing SYNACK packet On Mon, 2013-04-08 at 16:37 -0400, Paul Moore wrote: > The people who use this functionality almost never use upstream kernels, they > need to protection/certification/warm-fuzzies/etc. that come from a > distribution kernel and a support infrastructure. I didn't catch it because I > use a slightly different configuration that didn't expose this bug; while I > would like to run a full regression test every release I simply don't have the > time to do that myself. > > > This sounds like a very small issue to me, a revert is simply overkill. > > It all depends on your use case. To you, whom I assume doesn't use SELinux, > it is indeed a trivial issue. To someone who relies on SELinux for its > network access controls this is a pretty significant issue. > Is the patch I sent addressing the problem or not ? Note that I do have : CONFIG_SECURITY=y So this patch basically adds the overhead back, and I'll have to use real hook later in net-next. At least my patch clearly _shows_ the security requirement, instead of relying on a side effect of a previous sock_wmalloc() Again, it would be nice you understand the plan. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists