lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 20 Mar 2018 12:00:36 -0400 (EDT)
From:   David Miller <davem@...emloft.net>
To:     LIRAN.ALON@...CLE.COM
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        idan.brown@...CLE.COM, yuval.shaia@...CLE.COM
Subject: Re: [PATCH] net: dev_forward_skb(): Scrub packet's per-netns info
 only when crossing netns

From: Liran Alon <LIRAN.ALON@...CLE.COM>
Date: Tue, 20 Mar 2018 17:34:38 +0200

> I personally don't understand why we should maintain
> backwards-comparability to this behaviour.

The reason is because not breaking things is a cornerstone of Linux
kernel development.

> This feature is not documented to user-mode and I don't see why it
> is legit for the user to rely on it.

Whether it is documented or not is irrelevant.  A lot of our
interfaces and behaviors are not documented or poorly documented
at best.

> In addition, even if we do want to maintain backwards-comparability to
> this behaviour, I think it is enough to have an opt-in flag in
> /proc/sys/net/core/ that when set to 1 will activate the fix in
> dev_forward_skb() provided by this patch. That would also be a very
> simple change to the patch provided here.

Making it opt-in makes it more palatable, that's for sure.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ