Message-ID: <1400256901.7973.200.camel@edumazet-glaptop2.roam.corp.google.com>
Date:	Fri, 16 May 2014 09:15:01 -0700
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Thomas Graf <tgraf@...g.ch>
Cc:	Ben Greear <greearb@...delatech.com>, davem@...emloft.net,
	netdev@...r.kernel.org
Subject: Re: [PATCH net-next] pktgen: Add NOINIT option to leave packet data
 uninitialized

On Fri, 2014-05-16 at 16:39 +0100, Thomas Graf wrote:

>  I don't see why the choice of deliberately exposing kernel memory
> in either of these cases is an issue.

This has been discussed a long time ago, when I had such claims, as root
user "should be able to get dirty pages". If I remember, this was a new
mmap() flag or something like that.

(I.e. not requiring new pages to be cleared)

This was of course rejected for upstream Linux, for _very_ good reasons.

With the advent of network namespaces, you could have the right to use
pktgen on your ethernet device, without allowing you to read arbitrary
kernel memory.

The day it's done, we would have to revert your change, and it is very
possible nobody catches this dependency.

Really this is simply about basic security concerns with an incredibly
complex code base.

