| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87oagtc351.fsf@x220.int.ebiederm.org> Date: Tue, 22 Sep 2015 20:53:30 -0500 From: ebiederm@...ssion.com (Eric W. Biederman) To: Simon Horman <horms@...ge.net.au> Cc: Pablo Neira Ayuso <pablo@...filter.org>, David Miller <davem@...emloft.net>, netfilter-devel@...r.kernel.org, netdev@...r.kernel.org, Nicolas Dichtel <nicolas.dichtel@...nd.com>, lvs-devel@...r.kernel.org, Julian Anastasov <ja@....bg> Subject: Re: [PATCH next 02/84] ipvs: Don't use current in proc_do_defense_mode Simon Horman <horms@...ge.net.au> writes: > On Mon, Sep 21, 2015 at 01:01:39PM -0500, Eric W. Biederman wrote: >> Instead store ipvs in extra2 so that proc_do_defense_mode can easily >> find the ipvs that it's value is associated with. >> >> Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com> > > I am wondering if this fix should be included in v4.3 and stable. > Can the problem occur in practice? I believe a lookup in one network namespace followed by write in another network namespace would do it. So I think it would take so pretty deliberate and more or less peculiar actions to make it happen. I don't know how important the update_defense_level call is or how bad it is if it does not run in a network namespace . Eric -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists