| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20150302.155712.103799154284088691.davem@davemloft.net> Date: Mon, 02 Mar 2015 15:57:12 -0500 (EST) From: David Miller <davem@...emloft.net> To: eyal.birger@...il.com Cc: fw@...len.de, willemb@...gle.com, edumazet@...gle.com, shmulik.ladkani@...il.com, netdev@...r.kernel.org Subject: Re: [PATCH net-next v4 0/2] net: Introducing socket mark receive socket option From: Eyal Birger <eyal.birger@...il.com> Date: Mon, 2 Mar 2015 22:38:50 +0200 > I can sum up the motivation for this feature as follows: > > - skb->mark is set by user-space policy. It would make sense for > user-space to be > able to query the resolution of that policy on a per packet basis - > even if solely for the > purpose of debugging (e.g. fetching this meta-data on packet sockets > on the xmit path > in order to debug tc behavior) It is also set by routing, netfilter, classifier rules installed by the administrator. Therefore it is not universally true that it is safe to allow applications to access this value. I'm not applying this series, it's use case is at best dubious to me and there are security/protection concerns as well. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists