lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20170718095605.753goswz5ildy3de@archetype.pseudorandom.co.uk>
Date:   Tue, 18 Jul 2017 10:56:24 +0100
From:   Simon McVittie <simon.mcvittie@...labora.co.uk>
To:     David Miller <davem@...emloft.net>
Cc:     dh.herrmann@...il.com, netdev@...r.kernel.org, teg@...m.no,
        eric.dumazet@...il.com, hannes@...essinduktion.org
Subject: Re: [PATCH] net/unix: drop obsolete fd-recursion limits

On Mon, 17 Jul 2017 at 08:58:21 -0700, David Miller wrote:
> > With all of this in mind, lets drop the recursion limit. It has no
> > additional security value, anymore. On the contrary, it randomly
> > confuses message brokers that try to forward file-descriptors, since
> > any sendmsg(2) call can fail spuriously with ETOOMANYREFS if a client
> > maliciously modifies the FD while inflight.
> 
> Applied, thanks.

I assume I was cc'd on this as a maintainer of one of the message
brokers that handles ETOOMANYREFS (dbus-daemon).

dbus-daemon will have to keep its current handling of ETOOMANYREFS
(namely dropping the message on the floor) for at least a few years,
to avoid re-introducing local denial of service CVE-2014-3532 on kernels
older than the one where you applied this; so please try to avoid reusing
ETOOMANYREFS for any new sendmsg() error condition where this would not
be an appropriate response.

Thanks,
    S

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ