lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 13 Apr 2017 16:13:40 +0300
From:   Kalle Valo <kvalo@...eaurora.org>
To:     Brian Norris <briannorris@...omium.org>
Cc:     Nishant Sarmukadam <nishants@...vell.com>,
        Ganapathi Bhat <gbhat@...vell.com>,
        Xinming Hu <huxm@...vell.com>, linux-kernel@...r.kernel.org,
        Dmitry Torokhov <dmitry.torokhov@...il.com>,
        netdev@...r.kernel.org, linux-wireless@...r.kernel.org
Subject: Re: [PATCH] mwifiex: MAC randomization should not be persistent

Brian Norris <briannorris@...omium.org> writes:

> On Thu, Apr 06, 2017 at 07:02:15AM +0300, Kalle Valo wrote:
>> Brian Norris <briannorris@...omium.org> writes:
>> 
>> > nl80211 provides the NL80211_SCAN_FLAG_RANDOM_ADDR for every scan
>> > request that should be randomized; the absence of such a flag means we
>> > should not randomize. However, mwifiex was stashing the latest
>> > randomization request and *always* using it for future scans, even those
>> > that didn't set the flag.
>> >
>> > Let's zero out the randomization info whenever we get a scan request
>> > without NL80211_SCAN_FLAG_RANDOM_ADDR. I'd prefer to remove
>> > priv->random_mac entirely (and plumb the randomization MAC properly
>> > through the call sequence), but the spaghetti is a little difficult to
>> > unravel here for me.
>> >
>> > Fixes: c2a8f0ff9c6c ("mwifiex: support random MAC address for scanning")
>> 
>> So the first release with this was v4.9.
>> 
>> > Signed-off-by: Brian Norris <briannorris@...omium.org>
>> > ---
>> > Should this be tagged for -stable?
>> 
>> IMHO yes.
>
> Sounds fine to me. I suppose you'll do this when applying? Or I can
> resend...

I can add this:

Cc: <stable@...r.kernel.org> # 4.9+

-- 
Kalle Valo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ