lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20201002075538.2a52dccb@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
Date:   Fri, 2 Oct 2020 07:55:38 -0700
From:   Jakub Kicinski <kuba@...nel.org>
To:     Johannes Berg <johannes@...solutions.net>
Cc:     davem@...emloft.net, netdev@...r.kernel.org, andrew@...n.ch,
        jiri@...nulli.us, mkubecek@...e.cz, dsahern@...nel.org,
        pablo@...filter.org
Subject: Re: [PATCH net-next v2 00/10] genetlink: support per-command policy
 dump

On Fri, 02 Oct 2020 16:42:09 +0200 Johannes Berg wrote:
> On Fri, 2020-10-02 at 07:40 -0700, Jakub Kicinski wrote:
> 
> > > I suppose you could make an argument that only some attrs might be
> > > accepted in doit and somewhat others in dumpit, or perhaps none in
> > > dumpit because filtering wasn't implemented?  
> > 
> > Right? Feels like it goes against our strict validation policy to
> > ignore input on dumpit.
> >   
> > > But still ... often we treat filtering as "advisory" anyway (except
> > > perhaps where there's no doit at all, like the dump_policy thing here),
> > > so it wouldn't matter if some attribute is ending up ignored?  
> > 
> > It may be useful for feature discovery to know if an attribute is
> > supported.  
> 
> Fair point.
> 
> > I don't think it matters for any user right now, but maybe we should
> > require user space to specify if they are interested in normal req
> > policy or dump policy? That'd give us the ability to report different
> > ones in the future when the need arises.  
> 
> Or just give them both? I mean, in many (most?) cases they're anyway
> going to be the same, so with the patches I posted you could just give
> them the two different policy indexes, and they can be the same?

Ah, I missed your posting! Like this?

[OP_POLICY]
   [OP]
      [DO]   -> u32
      [DUMP] -> u32

> But whichever, doesn't really matter much.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ