| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 May 2014 18:34:20 -0400 (EDT) From: David Miller <davem@...emloft.net> To: torvalds@...ux-foundation.org Cc: ebiederm@...ssion.com, jbenc@...hat.com, luto@...capital.net, jorge@...2.net, vgoyal@...hat.com, ssorce@...hat.com, security@...nel.org, netdev@...r.kernel.org, serge@...lyn.com Subject: Re: [PATCH 5/5] net: Use netlink_ns_capable to verify the permisions of netlink messages From: Linus Torvalds <torvalds@...ux-foundation.org> Date: Fri, 23 May 2014 16:51:17 -0700 > On Fri, May 23, 2014 at 4:25 PM, Eric W. Biederman > <ebiederm@...ssion.com> wrote: >> >> I have not seen consensus that what Zebra is doing makes sense to >> support. > > Eric, stop right there. > > There is no "sensible to support". There is only "reality". > > The thing that makes "reality" be "reality" is that it exists whether > you like it or not, or whether you believe in it or not. > > We don't break applications. Whether you like them or not is > completely immaterial. Agreed, we have to either implement Andy's suggestion (permission check at connect() time for connected sockets, and at send() time for unconnected sockets) or revert the behavioral change completely. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists