| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 May 2020 08:17:54 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'David Miller' <davem@...emloft.net> CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: RE: [PATCH net-next] net/ipv4/raw Optimise ipv4 raw sends when IP_HDRINCL set. From: David Miller <davem@...emloft.net> > Sent: 12 May 2020 00:10 > From: David Laight <David.Laight@...LAB.COM> > Date: Mon, 11 May 2020 21:28:18 +0000 > > > In this case the "modified in userspace meanwhile" just breaks the > > application - it isn't any kind of security issue. > > The kernel must provide correct behavior based upon the stable IP > header that it copies into userspace. I'm not moving on this > requirement, sorry. > > I'm sure you have great reasons why you can't use normal UDP sockets > for RTP traffic, but that's how you will get a cached route and avoid > this exact problem. Not unless you can tell me how to create a UDP socket that doesn't receive data. Even if there is a corresponding RTP receive flow there is no reason why it should use the same port numbers and IP addresses. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
Powered by blists - more mailing lists