| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Jan 2014 15:20:58 +0100 From: Hannes Frederic Sowa <hannes@...essinduktion.org> To: Julian Anastasov <ja@....bg> Cc: David Miller <davem@...emloft.net>, gregory.hoggarth@...iedtelesis.co.nz, netdev@...r.kernel.org Subject: Re: Linux kernel patch: elide fib_validate_source() completely when possible - bad side effect? Hi Julian, On Thu, Jan 23, 2014 at 11:47:33AM +0200, Julian Anastasov wrote: > On Thu, 23 Jan 2014, Hannes Frederic Sowa wrote: > > > E.g. we register all local registered broadcast addresses in a structure > > like inet_addr_lst so we only need to check if the packet would leave > > this host with a broadcast hardware address. If the packet is forwarded > > the router must do the same check as only it knows the local broadcast > > addresses. I hope this is correct. ;) > > Now when we can override the local table with ip > rules or to prepend route in local table, we can not be > sure that the broadcast routes are returned in all cases, > users can add unicast routes for such addresses. > > I don't remember for useful case where one may need to > override broadcast routes but adding such exceptions looks > risky. The check I envisioned would only actually block the ifa_broadcast of only the incoming interface as source address. So we wouldn't depend on the view of the routing tables at all. But I have no strong opinion on that. Greetings, Hannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists