lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <61bdd006-98f8-18dd-9731-b64b34e35252@gmail.com>
Date:   Tue, 2 Oct 2018 08:55:19 -0600
From:   David Ahern <dsahern@...il.com>
To:     Jiri Benc <jbenc@...hat.com>, David Ahern <dsahern@...nel.org>
Cc:     netdev@...r.kernel.org, davem@...emloft.net, christian@...uner.io,
        stephen@...workplumber.org
Subject: Re: [PATCH RFC v2 net-next 03/25] netlink: introduce
 NLM_F_DUMP_PROPER_HDR flag

On 10/2/18 5:06 AM, Jiri Benc wrote:
> On Mon,  1 Oct 2018 17:28:29 -0700, David Ahern wrote:
>> Add a new flag, NLM_F_DUMP_PROPER_HDR, for userspace to indicate to the
>> kernel that it believes it is sending the right header struct for the
>> dump message type (ifinfomsg, ifaddrmsg, rtmsg, fib_rule_hdr, ...).
> 
> Why is this limited to dumps? Other kind of netlink messages contain
> the common struct, too. When introducing such mechanism, please make it
> generic.

Because all of the other requests -- NEW, DEL, and GET -- all seem to
use and expect the right header. Dumps are the ones where the header is
not looked at in most cases and for years iproute2 got away with sending
the wrong one.

> 
> Last time when we were discussing strict checking in netlink, it was
> suggested to add a socket option instead of adding NLM flags[1].
> It makes a lot of sense: the number of flags is very limited and we'd
> run out of them pretty fast. It's not just the header structure that
> is currently checked sloppily. It's also attributes, flags in
> attributes, etc. We can't assign a flag to all of them.


> 
> You should also consider a different name for the flag: it should
> reflect what the effect of the flag is. "Proper header" is not an
> effect, it's a requirement for the message to pass. The effect is
> enforced strict checking of the header.

Proper means the correct header for the dump type is sent.

You want take issue with a name suggest a different one.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ