| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Nov 2019 13:20:57 -0800 (PST)
From: David Miller <davem@...emloft.net>
To: zenczykowski@...il.com
Cc: maze@...gle.com, netdev@...r.kernel.org, edumazet@...gle.com
Subject: Re: [PATCH v2] net: port < inet_prot_sock(net) -->
inet_port_requires_bind_service(net, port)
From: Maciej Żenczykowski <zenczykowski@...il.com>
Date: Mon, 25 Nov 2019 15:37:04 -0800
> From: Maciej Żenczykowski <maze@...gle.com>
>
> Note that the sysctl write accessor functions guarantee that:
> net->ipv4.sysctl_ip_prot_sock <= net->ipv4.ip_local_ports.range[0]
> invariant is maintained, and as such the max() in selinux hooks is actually spurious.
>
> ie. even though
> if (snum < max(inet_prot_sock(sock_net(sk)), low) || snum > high) {
> per logic is the same as
> if ((snum < inet_prot_sock(sock_net(sk)) && snum < low) || snum > high) {
> it is actually functionally equivalent to:
> if (snum < low || snum > high) {
> which is equivalent to:
> if (snum < inet_prot_sock(sock_net(sk)) || snum < low || snum > high) {
> even though the first clause is spurious.
>
> But we want to hold on to it in case we ever want to change what what
> inet_port_requires_bind_service() means (for example by changing
> it from a, by default, [0..1024) range to some sort of set).
>
> Test: builds, git 'grep inet_prot_sock' finds no other references
> Cc: Eric Dumazet <edumazet@...gle.com>
> Signed-off-by: Maciej Żenczykowski <maze@...gle.com>
Applied, thanks.
Powered by blists - more mailing lists