lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 13 Sep 2019 10:40:00 -0300
From:   'Marcelo Ricardo Leitner' <marcelo.leitner@...il.com>
To:     David Laight <David.Laight@...lab.com>
Cc:     Xin Long <lucien.xin@...il.com>,
        network dev <netdev@...r.kernel.org>,
        "linux-sctp@...r.kernel.org" <linux-sctp@...r.kernel.org>,
        Neil Horman <nhorman@...driver.com>,
        "davem@...emloft.net" <davem@...emloft.net>
Subject: Re: [PATCH net-next 5/5] sctp: add spt_pathcpthld in struct
 sctp_paddrthlds

On Fri, Sep 13, 2019 at 01:31:22PM +0000, David Laight wrote:
> From: 'Marcelo Ricardo Leitner'
> > Sent: 13 September 2019 14:20
> ...
> > Interestingly, we have/had the opposite problem with netlink. Like, it
> > was allowing too much flexibility, such as silently ignoring unknown
> > fields (which is what would happen with a new app running on an older
> > kernel would trigger here) is bad because the app cannot know if it
> > was actually used or not. Some gymnastics in the app could cut through
> > the fat here, like probing getsockopt() return size, but then it may
> > as well probe for the right sockopt to be used.
> 
> Yes, it would also work if the kernel checked that all 'unexpected'
> fields were zero (up to some sanity limit of a few kB).

Though this would have to be done by older kernels, which are not
aware of this extra space by definition.

> 
> Then an application complied with a 'new' header would work with
> an old kernel provided it didn't try so set any new fields.
> (And it zeroed the entire structure.)
> 
> But you have to start off with that in mind.
> 
> Alternatively stop the insanity of setting multiple options
> with one setsockopt call.
> If multiple system calls are an issue implement a system call
> that will set multiple options on the same socket.
> (Maybe through a CMSG()-like buffer).
> Then the application can set the ones it wants without having
> to do the read-modify-write sequence needed for some of the
> SCTP ones.

I'm not sure I get you here. You mean we could have, for example, one
sockopt for each field on each struct we currently have? That would
bring other problems to the table, like how to deal with fields that
need to be updated together.

Anyhow, I'm afraid our hands a bit tied here. That's how the RFCs are
defining the interface and we shouldn't deviate too much from it.

What would help is that the RFC definited these versioned structs
itself.  Because as it is, even if we start versioning it, Linux will
have one versioning and other OSes will have another.

  Marcelo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ