lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 22 Sep 2020 18:11:31 -0600
From:   David Ahern <dsahern@...il.com>
To:     Stephen Hemminger <stephen@...workplumber.org>
Cc:     Jan Engelhardt <jengelh@...i.de>, netdev@...r.kernel.org
Subject: Re: [PATCH iproute2] ip: do not exit if RTM_GETNSID failed

On 9/22/20 5:57 PM, Stephen Hemminger wrote:
> On Tue, 22 Sep 2020 17:16:46 -0600
> David Ahern <dsahern@...il.com> wrote:
> 
>> On 9/22/20 12:28 AM, Jan Engelhardt wrote:
>>>
>>> On Tuesday 2020-09-22 02:22, Stephen Hemminger wrote:  
>>>> Jan Engelhardt <jengelh@...i.de> wrote:
>>>>  
>>>>> `ip addr` when run under qemu-user-riscv64, fails. This likely is
>>>>> due to qemu-5.1 not doing translation of RTM_GETNSID calls.
>>>>>
>>>>> 2: host0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
>>>>>     link/ether 5a:44:da:1a:c4:0b brd ff:ff:ff:ff:ff:ff
>>>>> request send failed: Operation not supported
>>>>>
>>>>> Treat the situation similar to an absence of procfs.
>>>>>
>>>>> Signed-off-by: Jan Engelhardt <jengelh@...i.de>  
>>>>
>>>> Not a good idea to hide a platform bug in ip command.
>>>> When you do this, you risk creating all sorts of issues for people that
>>>> run ip commands in container environments where the send is rejected (perhaps by SELinux)
>>>> and then things go off into a different failure.  
>>>
>>> In the very same function you do
>>>
>>>   fd = open("/proc/self/ns/net", O_RDONLY);
>>>
>>> which equally hides a potential platform bug (namely, forgetting to
>>> mount /proc in a chroot, or in case SELinux was improperly set-up).
>>> Why is this measured two different ways?
>>>
>>>   
>>
>> I think checking for EOPNOTSUPP error is more appropriate than ignoring
>> all errors.
>>
> 
> Right, checking for not supported makes sense, but permission denied
> is different.
> 

Sorry, I meant that comment for the original patch about RTM_GETNSID.

Powered by blists - more mailing lists