lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 17 Feb 2016 13:15:37 -0600
From: (Eric W. Biederman)
To:	Nikolay Borisov <>
Subject: Re: [PATCH 0/4] Namespacify inet_peer_* sysctl knobs

Nikolay Borisov <> writes:

> This series make the inet_peer ttl sysctls to be namespace aware. 
> Patch 1 adds a namespace association to the inet_peer_base struct, 
> which in turn is used to make the sysctls namespace aware. The 
> rest of the patches are straightforward.

At a quick skim I am not certain I am comfortable with this change.

The issue is that these are not packet parameters you are tuning but
lifetimes for data structures.

Generally there are challenges making this kind of thing per namespace
because resource control can lead to DOS attack from one namespace
being able to arbitrarly control it's own resource consumption.

Is this something that is actually worth making per namespace?


> Nikolay Borisov (4):
>   inetpeer: Add net namespace assosication in inet_peer_base
>   inetpeer: Namespacify inet_peer_maxttl sysctl knob
>   inetpeer: Namespacify inet_peer_minttl sysctl knob
>   inetpeer: Namespacify inet_peer_threshold sysctl knob
>  include/net/inetpeer.h     |  1 +
>  include/net/ip.h           |  5 -----
>  include/net/netns/ipv4.h   |  4 ++++
>  net/ipv4/inetpeer.c        | 15 ++++++---------
>  net/ipv4/route.c           |  1 +
>  net/ipv4/sysctl_net_ipv4.c | 47 ++++++++++++++++++++++++----------------------
>  6 files changed, 37 insertions(+), 36 deletions(-)

Powered by blists - more mailing lists