| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <847cc635-cb90-821d-5824-07e7f941db75@mojatatu.com>
Date: Tue, 18 Sep 2018 08:34:53 -0400
From: Jamal Hadi Salim <jhs@...atatu.com>
To: Johannes Berg <johannes@...solutions.net>,
Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
Michal Kubecek <mkubecek@...e.cz>
Cc: linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
jbenc@...hat.com
Subject: Re: [PATCH 1/2] netlink: add NLA_REJECT policy type
On 2018-09-17 5:38 a.m., Johannes Berg wrote:
> On Thu, 2018-09-13 at 18:58 -0300, Marcelo Ricardo Leitner wrote:
>
[..]
>
> So in one case I was thinking of, there are some fields that simply
> cannot be used for input, they're only used for output. > But it may not
> always be obvious to somebody using the API. Thus, I think it makes
> sense to instruct the kernel to reject that, so that whoever gets
> confused has immediate feedback that their usage is wrong. If we ignore
> that, they may not realize their error immediately.
>
> I think the ethtool case is similar: you can read and write some fields,
> and only read others - but if you try to write the read-only fields
> would you prefer to be told "sorry, this is not possible" vs. it being
> silently ignored? I'd definitely prefer the former.
>
>> Maybe it would be better to have NLA_IGNORE instead? </idea>
>
> I don't think so, it doesn't give any feedback to the application author
> that they're doing something wrong.
>
Maybe time to introduce kernel side access-control flags?
Read/Write permissions for example. Attrs marked as read only
(in the kernel) cannot be written to.
cheers,
jamal
Powered by blists - more mailing lists