Date:   Tue, 22 Sep 2020 16:57:49 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     David Ahern <dsahern@...il.com>
Cc:     Jan Engelhardt <jengelh@...i.de>, netdev@...r.kernel.org
Subject: Re: [PATCH iproute2] ip: do not exit if RTM_GETNSID failed

On Tue, 22 Sep 2020 17:16:46 -0600
David Ahern <dsahern@...il.com> wrote:

> On 9/22/20 12:28 AM, Jan Engelhardt wrote:
> > 
> > On Tuesday 2020-09-22 02:22, Stephen Hemminger wrote:  
> >> Jan Engelhardt <jengelh@...i.de> wrote:
> >>  
> >>> `ip addr` when run under qemu-user-riscv64, fails. This likely is
> >>> due to qemu-5.1 not doing translation of RTM_GETNSID calls.
> >>>
> >>> 2: host0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
> >>>     link/ether 5a:44:da:1a:c4:0b brd ff:ff:ff:ff:ff:ff
> >>> request send failed: Operation not supported
> >>>
> >>> Treat the situation similar to an absence of procfs.
> >>>
> >>> Signed-off-by: Jan Engelhardt <jengelh@...i.de>  
> >>
> >> Not a good idea to hide a platform bug in ip command.
> >> When you do this, you risk creating all sorts of issues for people that
> >> run ip commands in container environments where the send is rejected (perhaps by SELinux)
> >> and then things go off into a different failure.  
> > 
> > In the very same function you do
> > 
> >   fd = open("/proc/self/ns/net", O_RDONLY);
> > 
> > which equally hides a potential platform bug (namely, forgetting to
> > mount /proc in a chroot, or in case SELinux was improperly set-up).
> > Why is this measured two different ways?
> > 
> >   
> 
> I think checking for EOPNOTSUPP error is more appropriate than ignoring
> all errors.
> 

Right, checking for not supported makes sense, but permission denied
is different.
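
The distinction the thread settles on, as an added example that is not part of the original message and is not iproute2 code: only `EOPNOTSUPP` is treated as "feature unavailable", while a denial such as `EACCES` (for instance from an SELinux policy) still fails loudly. The names `probe_own_nsid` and `nsid_request_fn` and the `fake_*` stand-ins are hypothetical; a real caller would send the RTM_GETNSID request inside the hook.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Outcome of asking the kernel for the caller's own netns id. */
enum nsid_probe { NSID_OK, NSID_UNSUPPORTED, NSID_FATAL };

/* Hypothetical transport hook: returns 0 on success, -1 with errno set.
 * A real caller would send the RTM_GETNSID request here. */
typedef int (*nsid_request_fn)(int *nsid_out);

/* Downgrade only "not supported" to a soft failure; every other error,
 * permission denials included, is reported and treated as fatal. */
enum nsid_probe probe_own_nsid(nsid_request_fn request, int *nsid_out)
{
    *nsid_out = -1;                      /* unknown until proven otherwise */
    if (request(nsid_out) == 0)
        return NSID_OK;

    int err = errno;                     /* save before any library call */
    *nsid_out = -1;
    if (err == EOPNOTSUPP)
        return NSID_UNSUPPORTED;         /* e.g. emulator lacks the call */

    fprintf(stderr, "RTM_GETNSID request failed: %s\n", strerror(err));
    return NSID_FATAL;                   /* e.g. EACCES from a policy */
}

/* Constructed stand-ins for the environments named in the thread. */
static int fake_emulator(int *n) { (void)n; errno = EOPNOTSUPP; return -1; }
static int fake_denied(int *n)   { (void)n; errno = EACCES;     return -1; }
static int fake_ok(int *n)       { *n = 3;  return 0; }

int main(void)
{
    int nsid;
    printf("emulator: %d\n", probe_own_nsid(fake_emulator, &nsid));
    printf("denied:   %d\n", probe_own_nsid(fake_denied, &nsid));
    printf("ok:       %d nsid=%d\n", probe_own_nsid(fake_ok, &nsid), nsid);
    return 0;
}
```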
