Date:	Thu, 18 Feb 2016 17:04:12 +0200
From:	Nikolay Borisov <kernel@...p.com>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH 0/4] Namespacify inet_peer_* sysctl knobs



On 02/17/2016 09:15 PM, Eric W. Biederman wrote:
> Nikolay Borisov <kernel@...p.com> writes:
> 
>> This series makes the inet_peer ttl sysctls namespace aware.
>>
>> Patch 1 adds a namespace association to the inet_peer_base struct, 
>> which in turn is used to make the sysctls namespace aware. The 
>> rest of the patches are straightforward.
> 
> At a quick skim I am not certain I am comfortable with this change.
> 
> The issue is that these are not packet parameters you are tuning but
> lifetimes for data structures.

Right, I thought the inet peer expiration might have repercussions on the
way the networking stack worked. But apparently that's not the case.
> 
> Generally there are challenges making this kind of thing per namespace
> because resource control can lead to a DOS attack from one namespace
> being able to arbitrarily control its own resource consumption.
> 
> Is this something that is actually worth making per namespace?

I guess the series can be dropped if it's deemed unnecessary.


> 
> Eric
> 
>> Nikolay Borisov (4):
>>   inetpeer: Add net namespace assosication in inet_peer_base
>>   inetpeer: Namespacify inet_peer_maxttl sysctl knob
>>   inetpeer: Namespacify inet_peer_minttl sysctl knob
>>   inetpeer: Namespacify inet_peer_threshold sysctl knob
>>
>>  include/net/inetpeer.h     |  1 +
>>  include/net/ip.h           |  5 -----
>>  include/net/netns/ipv4.h   |  4 ++++
>>  net/ipv4/inetpeer.c        | 15 ++++++---------
>>  net/ipv4/route.c           |  1 +
>>  net/ipv4/sysctl_net_ipv4.c | 47 ++++++++++++++++++++++++----------------------
>>  6 files changed, 37 insertions(+), 36 deletions(-)
