| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 May 2019 08:35:58 +0200
From: Michal Kubecek <mkubecek@...e.cz>
To: netdev@...r.kernel.org
Cc: David Ahern <dsahern@...il.com>,
Stephen Hemminger <stephen@...workplumber.org>
Subject: Re: [PATCH iproute2-next 1/9] libnetlink: Set NLA_F_NESTED in
rta_nest
On Thu, May 30, 2019 at 11:50:59AM -0600, David Ahern wrote:
> On 5/30/19 11:43 AM, Stephen Hemminger wrote:
> >
> > I assume older kernels ignore the attribute?
> >
> > Also, how is this opt-in for running iproute2-next on old kernels?
>
> from what I can see older kernel added the flag when generating a nest
> (users of nla_nest_start), but did not pay attention to the flag for
> messages received from userspace.
Most of kernel generated messages do not set NLA_F_NESTED as
nla_nest_start() did not set it automatically before commit ae0be8de9a53
("netlink: make nla_nest_start() add NLA_F_NESTED flag") which only
reached mainline in 5.2 merge window. Unfortunately we cannot simply
start setting the flag everywhere as there may be userspace software
using nla->type directly rather than through a wrapper masking out the
flags.
On the other hand, it's safe to set set NLA_F_NESTED in messages sent to
kernel. When checking kernel tree for direct nla->type access, I found
only few (~10) places doing that and with one exception, those were
special cases, e.g. when attribute type was (ab)used as an array index.
Most of the code (and IIRC all of rtnetlink) either uses parse functions
or nla_type() accessor.
Michal
Powered by blists - more mailing lists