lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANn89iJvtuT4q-djaCzoGJTY68vE8wT+LVDkYGm=8_XzC9gchg@mail.gmail.com>
Date:   Thu, 1 Apr 2021 18:04:05 +0200
From:   Eric Dumazet <edumazet@...gle.com>
To:     Otto Hollmann <otto.hollmann@...e.com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        netdev <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Jonathan Corbet <corbet@....net>,
        David Ahern <dsahern@...nel.org>,
        Michal Kubecek <mkubecek@...e.cz>
Subject: Re: [PATCH net-next] net: document a side effect of ip_local_reserved_ports

On Thu, Apr 1, 2021 at 5:58 PM Otto Hollmann <otto.hollmann@...e.com> wrote:
>
>     If there is overlapp between ip_local_port_range and ip_local_reserved_ports with a huge reserved block, it will affect probability of selecting ephemeral ports, see file net/ipv4/inet_hashtables.c:723
>
>     int __inet_hash_connect(
>     ...
>             for (i = 0; i < remaining; i += 2, port += 2) {
>                     if (unlikely(port >= high))
>                             port -= remaining;
>                     if (inet_is_local_reserved_port(net, port))
>                             continue;
>
>     E.g. if there is reserved block of 10000 ports, two ports right after this block will be 5000 more likely selected than others.
>     If this was intended, we can/should add note into documentation as proposed in this commit, otherwise we should think about different solution. One option could be mapping table of continuous port ranges. Second option could be letting user to modify step (port+=2) in above loop, e.g. using new sysctl parameter.
>
> Signed-off-by: Otto Hollmann <otto.hollmann@...e.com>

I think we can view this as a security bug that needs a fix.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ