| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Aug 2016 01:22:12 +0900
From: 吉藤英明 <hideaki.yoshifuji@...aclelinux.com>
To: Lorenzo Colitti <lorenzo@...gle.com>
Cc: Hannes Frederic Sowa <hannes@...essinduktion.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Erik Kline <ek@...gle.com>, David Miller <davem@...emloft.net>
Subject: Re: [PATCH net] net: ipv6: Fix ping to link-local addresses.
Hi,
2016-08-08 23:45 GMT+09:00 Lorenzo Colitti <lorenzo@...gle.com>:
> On Mon, Aug 8, 2016 at 11:26 PM, Hannes Frederic Sowa
> <hannes@...essinduktion.org> wrote:
>>> - if (sk->sk_bound_dev_if &&
>>> - sk->sk_bound_dev_if != u->sin6_scope_id) {
>>> - return -EINVAL;
>>> - }
>>
>> Hmm, sk->sk_bound_dev_if always has highest prio for the selection of
>> the output interface. Thus this code made sense to me.
>
> Removing it is consistent with the other sendmsg functions such as
> udpv6_sendmsg or rawv6_sendmsg.
>
> There is similar code in __ip6_datagram_connect, but that seems a bit
> different because that code also *sets* sk_bound_dev_if.
>
> Personally I think it's better for pingv6_sendmsg be consistent with
> the other *_sendmsg functions than with ip6_datagram_connect, and thus
> the code should be removed. But I don't feel particularly strongly
> about it.
Following must be met, at least, IMHO.
- SO_BINDTODEVICE requires "root", which sets sk_bound_dev_if.
- sin6_scope_id and sk_bound_dev_if should match (if the address it
link-local address), or each or both should equal to 0.
I think it would make more sense if former setting wins...
--yoshfuji
Powered by blists - more mailing lists