lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <2ee964f2-f289-cd85-edb8-4fd6959a8543@gmail.com>
Date:   Mon, 21 Jan 2019 09:33:55 -0700
From:   David Ahern <dsahern@...il.com>
To:     Benedict Wong <benedictwong@...gle.com>, netdev@...r.kernel.org
Cc:     nharold@...gle.com, lorenzo@...gle.com, maze@...gle.com
Subject: Re: [PATCH v2 iproute2 1/1] xfrm: add option to hide keys in state
 output

On 1/18/19 12:12 PM, Benedict Wong wrote:
> ip xfrm state show currently dumps keys unconditionally. This limits its
> use in logging, as security information can be leaked.
> 
> This patch adds a nokeys option to ip xfrm ( state show | monitor ), which
> prevents the printing of keys. This allows ip xfrm state show to be used
> in logging without exposing keys.
> 
> Signed-off-by: Benedict Wong <benedictwong@...gle.com>
> ---
>  ip/ipxfrm.c        | 49 +++++++++++++++++++++++++---------------------
>  ip/xfrm.h          |  5 +++--
>  ip/xfrm_monitor.c  |  7 +++++--
>  ip/xfrm_state.c    | 27 ++++++++++++++++++++-----
>  man/man8/ip-xfrm.8 | 15 +++++++++++++-
>  5 files changed, 71 insertions(+), 32 deletions(-)
> 

applied to iproute2-next. Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ