| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Jun 2016 10:00:27 +0200 From: Daniel Borkmann <daniel@...earbox.net> To: Jamal Hadi Salim <jhs@...atatu.com>, davem@...emloft.net CC: netdev@...r.kernel.org, xiyou.wangcong@...il.com, Jamal Hadi Salim <hadi@...atatu.com> Subject: Re: [net-next PATCH v2 1/1] net sched actions: skbedit add support for mod-ing skb pkt_type Hi Jamal, On 06/12/2016 11:24 PM, Jamal Hadi Salim wrote: > From: Jamal Hadi Salim <hadi@...atatu.com> > > Extremely useful for setting packet type to host so i dont > have to modify the dst mac address using pedit (which requires > that i know the mac address) > > Signed-off-by: Jamal Hadi Salim <jhs@...atatu.com> I'm wondering if this is a good idea, I was thinking about something like this as well some time ago. So far pkt_type is just exposed as read-only to user space right now and I'm a bit worried that when we allow to set it arbitrarily, then this could lead to hard to debug issues since skb->pkt_type is used in a lot of places with possibly different assumptions and applications now need to mistrust the kernel whether skb->pkt_type was actually what the kernel itself set in the first place or skbedit with possibly some nonsense value (like rewriting PACKET_OUTGOING into PACKET_LOOPBACK, etc). Did you audit that this is safe? Thanks, Daniel
Powered by blists - more mailing lists