Message-Id: <20151119.104811.1447518072450380661.davem@davemloft.net>
Date:	Thu, 19 Nov 2015 10:48:11 -0500 (EST)
From:	David Miller <davem@...emloft.net>
To:	zenczykowski@...il.com
Cc:	lorenzo@...gle.com, hannes@...essinduktion.org,
	eric.dumazet@...il.com, stephen@...workplumber.org,
	netdev@...r.kernel.org, edumazet@...gle.com, ek@...gle.com,
	dtor@...gle.com
Subject: Re: Add a SOCK_DESTROY operation to close sockets from userspace

From: Maciej Żenczykowski <zenczykowski@...il.com>
Date: Wed, 18 Nov 2015 23:19:03 -0800

> Privileged userspace can already make these decisions today, whether
> it is by killing processes with open sockets, or by turning interfaces
> up and down or by reconfiguring the firewall and/or the routing
> rules/tables, or by injecting spoofed TCP reset packets (via tap).
> It's just *very* inconvenient to do and error prone.
> 
> Another example: privileged userspace could ptrace the userspace apps
> and via code injection call close() on the app's behalf and reopen the
> file descriptor to some null routed destination so it behaves like if
> it was timed out / unreachable.

At least if they do it this way, and someone claims that Linux TCP
behaves outside the spec or improperly, it's not directly because of
any code I am responsible for.

That's the difference, and frankly an important one to me.

If I'm going to give userspace a direct tool by which to do things,
then it's suddenly my responsibility and my problem.