| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Jan 2014 13:37:41 -0800 From: Eric Dumazet <eric.dumazet@...il.com> To: Ben Hutchings <bhutchings@...arflare.com> Cc: David Miller <davem@...emloft.net>, therbert@...gle.com, netdev@...r.kernel.org Subject: Re: [PATCH] net: Check skb->rxhash in gro_receive On Mon, 2014-01-13 at 20:50 +0000, Ben Hutchings wrote: > According to the original report of that vulnerability: > > > skb_flow_dissect() were used by several places: > > - packet scheduler that want classify flows > > - skb_get_rxhash() that will be used by RPS, vxlan, multiqueue > > tap,macvtap packet fanout > > - skb_probe_transport_header() which was used for probing transport > > header for DODGY packets > > - __skb_get_poff() which will be used by socket filter > > So flow dissector is already part of the attack surface for both local > and remote users in common configurations. Take a debian or Android distro, and this bug is not hit on 'common configurations'. Send them a 'packet of death', they will not hang, unless some admin set up RPS/RFS on the incoming device. Anyway, I see no point pushing this schem (flow dissect all incoming packets). A router has no gain going to L4 header, but still might need GRO. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists