Date: Thu, 12 Nov 2015 23:19:06 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Austin S Hemmelgarn <ahferroin7@...il.com>
Cc: Stephen Hemminger <stephen@...workplumber.org>, David Miller <davem@...emloft.net>, LKML <linux-kernel@...r.kernel.org>, Netdev <netdev@...r.kernel.org>
Subject: Re: Is ndo_do_ioctl still acceptable?

On Thu, Nov 12, 2015 at 9:30 PM, Austin S Hemmelgarn <ahferroin7@...il.com> wrote:
>>
> On the other hand, based on what you are saying about your device, it sounds
> like you are working on some kind of cryptographically secured (either
> authenticated or encrypted or both) tunnel, in which case the fact that
> security is easier to handle with netlink than ioctls becomes important. If
> you can't ensure security of the endpoint configuration, you can't ensure
> security of the tunnel itself.

Could you substantiate these claims that "security is easier to handle
with netlink"? I've never heard this and I don't know why it'd be the
case. Are you referring to the fact that the copy_to/from_user dance
of ioctl opens up more potential vulnerabilities than netlink's
abstracted validation? Or something else? Just confused here...