lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 27 Oct 2013 13:37:48 -0700
From:	Alexander Duyck <alexander.duyck@...il.com>
To:	Jamal Hadi Salim <jhs@...atatu.com>
CC:	"Eric W. Biederman" <ebiederm@...ssion.com>,
	David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
	alexander.h.duyck@...el.com
Subject: Re: [PATCH 0/2] net_sched: Remove broken tc actions

On 10/27/2013 09:58 AM, Jamal Hadi Salim wrote:
> On 10/27/13 09:40, Eric W. Biederman wrote:
>>
>> While auditing the code to make certain it would be safe to enable the
>> user namespace root to use tc actions I stumbled on the strange fact
>> that two of the tc modules in the kernel have been broken for more
>> years than I care to think about.
>>
>> In particular neither of these two modules implements the tc_action_ops
>> lookup method.  Which means that in practice neither RTM_GETACTION nor
>> RTM_DELACTION work.  And with RTM_DELACTION broken that looks like a
>> permanent leak of kernel memory to me.
>>
>>
>> A leak I am not happy at root having and certainly not something I want
>> to allow unprivileged users access to.
>>
>> On the premise that 5+ years is too long to wait for someone to notice,
>> complain and get this code fixed let's just remove these broken tc
>> modules.
>>
> 
> 
> Nah, dude.
> You dont have to implement the get/del. Actions are typically bound
> to filters; when the filters disappears the action is destroyed.
> You Get the filter, you Get the bound actions.
> you can add actions without filters - but in such a case, for both
> of these ones you picked, you can dump or flush them unless they are
> bound to a filter. Thats the minimal requirement (which is met).
> 
> What is your use case to need explicit get/del?
> Given act_simple is pedagogical in nature, I think
> that will be useful for illustration purposes.
> 
> cheers,
> jamal

The primary use case for act_skbedit was to have it associated with a
filter.  I based it off of act_simple so it isn't surprising that it
inherited this issue.

>From what I can tell all of the other actions are just using
tcf_hash_search for lookup.  Is there anything special that is needed in
order to add the lookup call, or could we just add a one liner
associating simple and skbedit lookup with tcf_hash_search?

Thanks,

Alex

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ