Message-ID: <87si0r4086.fsf@x220.int.ebiederm.org>
Date: Wed, 17 Feb 2016 13:15:37 -0600
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Nikolay Borisov <kernel@...p.com>
Cc: davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH 0/4] Namespacify inet_peer_* sysctl knobs
Nikolay Borisov <kernel@...p.com> writes:
> This series makes the inet_peer ttl sysctls namespace aware.
>
> Patch 1 adds a namespace association to the inet_peer_base struct,
> which in turn is used to make the sysctls namespace aware. The
> rest of the patches are straightforward.

At a quick skim I am not certain I am comfortable with this change.

The issue is that these are not packet parameters you are tuning but
lifetimes for data structures.

Generally there are challenges making this kind of thing per namespace
because resource control can lead to a DOS attack from one namespace
being able to arbitrarily control its own resource consumption.

Is this something that is actually worth making per namespace?

Eric

> Nikolay Borisov (4):
> inetpeer: Add net namespace assosication in inet_peer_base
> inetpeer: Namespacify inet_peer_maxttl sysctl knob
> inetpeer: Namespacify inet_peer_minttl sysctl knob
> inetpeer: Namespacify inet_peer_threshold sysctl knob
>
> include/net/inetpeer.h | 1 +
> include/net/ip.h | 5 -----
> include/net/netns/ipv4.h | 4 ++++
> net/ipv4/inetpeer.c | 15 ++++++---------
> net/ipv4/route.c | 1 +
> net/ipv4/sysctl_net_ipv4.c | 47 ++++++++++++++++++++++++----------------------
> 6 files changed, 37 insertions(+), 36 deletions(-)