| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150924013800.GA4495@verge.net.au> Date: Thu, 24 Sep 2015 10:38:03 +0900 From: Simon Horman <horms@...ge.net.au> To: "Eric W. Biederman" <ebiederm@...ssion.com> Cc: Pablo Neira Ayuso <pablo@...filter.org>, David Miller <davem@...emloft.net>, netfilter-devel@...r.kernel.org, netdev@...r.kernel.org, Nicolas Dichtel <nicolas.dichtel@...nd.com>, lvs-devel@...r.kernel.org, Julian Anastasov <ja@....bg> Subject: Re: [PATCH next 02/84] ipvs: Don't use current in proc_do_defense_mode On Tue, Sep 22, 2015 at 08:53:30PM -0500, Eric W. Biederman wrote: > Simon Horman <horms@...ge.net.au> writes: > > > On Mon, Sep 21, 2015 at 01:01:39PM -0500, Eric W. Biederman wrote: > >> Instead store ipvs in extra2 so that proc_do_defense_mode can easily > >> find the ipvs that it's value is associated with. > >> > >> Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com> > > > > I am wondering if this fix should be included in v4.3 and stable. > > Can the problem occur in practice? > > I believe a lookup in one network namespace followed by write in another > network namespace would do it. So I think it would take so pretty > deliberate and more or less peculiar actions to make it happen. > > I don't know how important the update_defense_level call is or how bad > it is if it does not run in a network namespace . Thanks, my feeling is that this problem can be fixed via next. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists