Date: Thu, 19 Nov 2015 10:48:11 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: zenczykowski@...il.com
Cc: lorenzo@...gle.com, hannes@...essinduktion.org, eric.dumazet@...il.com, stephen@...workplumber.org, netdev@...r.kernel.org, edumazet@...gle.com, ek@...gle.com, dtor@...gle.com
Subject: Re: Add a SOCK_DESTROY operation to close sockets from userspace

From: Maciej Żenczykowski <zenczykowski@...il.com>
Date: Wed, 18 Nov 2015 23:19:03 -0800

> Privileged userspace can already make these decisions today, whether
> it is by killing processes with open sockets, or by turning interfaces
> up and down or by reconfiguring the firewall and/or the routing
> rules/tables, or by injecting spoofed TCP reset packets (via tap).
> It's just *very* inconvenient to do and error prone.
>
> Another example: privileged userspace could ptrace the userspace apps
> and via code injection call close() on the app's behalf and reopen the
> file descriptor to some null routed destination so it behaves like if
> it was timed out / unreachable.

At least if they do it this way, and someone claims that Linux TCP
behaves outside the spec or improperly, it's not directly because of
any code I am responsible for.

That's the difference, and frankly an important one to me.

If I'm going to give userspace a direct tool by which to do things,
then it's suddenly my responsibility and my problem.