lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANP3RGeZaGD5JLw4VCLXe_6qmrGRLjROJuUNwbysq_1BhNbKOg@mail.gmail.com>
Date:   Tue, 24 Sep 2019 16:47:00 +0200
From:   Maciej Żenczykowski <zenczykowski@...il.com>
To:     David Miller <davem@...emloft.net>
Cc:     Linux NetDev <netdev@...r.kernel.org>,
        Kees Cook <keescook@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Eric Dumazet <edumazet@...gle.com>,
        Mahesh Bandewar <maheshb@...gle.com>,
        Lorenzo Colitti <lorenzo@...gle.com>
Subject: Re: [PATCH] net-icmp: remove ping_group_range sysctl

> Removing this is going to break things, you can't just remove a sysctl
> because "oh it was a bad idea to add this, sorry."

Yeah, I know... but do you have any other suggestions?

Would you take an alternative to make the default wide opened?

The current sysctl just doesn't work.  It can even print '1 0' meaning
everyone has access.
Perhaps having it as a non-namespace aware global setting (with a
default of on) would be more palatable?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ