| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAF=yD-LZeYijHi3bJmo06B0cicqH-+eBMW_+LUs4+85ZM0KcZA@mail.gmail.com>
Date: Tue, 23 Jan 2018 21:02:48 +0100
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Jesus Sanchez-Palencia <jesus.sanchez-palencia@...el.com>
Cc: Network Development <netdev@...r.kernel.org>,
Jamal Hadi Salim <jhs@...atatu.com>,
Cong Wang <xiyou.wangcong@...il.com>,
Jiří Pírko <jiri@...nulli.us>,
Vinicius Gomes <vinicius.gomes@...el.com>,
Richard Cochran <richardcochran@...il.com>,
intel-wired-lan@...ts.osuosl.org, anna-maria@...utronix.de,
Henrik Austad <henrik@...tad.us>,
Thomas Gleixner <tglx@...utronix.de>,
John Stultz <john.stultz@...aro.org>, andre.guedes@...el.com,
Ivan Briano <ivan.briano@...el.com>,
Levi Pearson <levi.pearson@...man.com>,
Richard Cochran <rcochran@...utronix.de>
Subject: Re: [RFC v2 net-next 01/10] net: Add a new socket option for a future
transmit time.
>> If using ns_capable, skb->tstamp must continue to be scrubbed when traversing
>> network namespaces.
>
>
> I was planning to follow Eric's suggestion and move the tstamp scrubbing out of
> skb_scrub_packet() into ____dev_forward_skb() instead. Would that break when
> traversing namespaces?
That implies namespace traversal, so sounds perfect for this purpose.
>>
>>> @@ -2130,6 +2137,15 @@ int __sock_cmsg_send(struct sock *sk, struct msghdr *msg, struct cmsghdr *cmsg,
>>> sockc->tsflags &= ~SOF_TIMESTAMPING_TX_RECORD_MASK;
>>> sockc->tsflags |= tsflags;
>>> break;
>>> + case SO_TXTIME:
>>> + if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
>>> + return -EPERM;
>>> + if (!sock_flag(sk, SOCK_TXTIME))
>>> + return -EINVAL;
>>
>> No need for ns_capable check on each packet when already required to
>> toggle socket option.
>
>
> Ok. SO_MARK is doing the same so it might have "mis-inspired" me. I should
> probably fix both.
The SO_MARK cmsg does need a check on each invocation,
because it is not conditional on a sock_flag like SO_TXTIME.
Powered by blists - more mailing lists