lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20211102085005.GA14342@asgard.redhat.com>
Date:   Tue, 2 Nov 2021 09:50:05 +0100
From:   Eugene Syromiatnikov <esyr@...hat.com>
To:     Jeremy Kerr <jk@...econstruct.com.au>
Cc:     Matt Johnston <matt@...econstruct.com.au>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next 0/2] MCTP sockaddr padding check/initialisation
 fixup

On Tue, Nov 02, 2021 at 09:57:34AM +0800, Jeremy Kerr wrote:
> Hi Eugene,
> 
> > Padding/reserved fields necessitate appropriate checks in order to be
> > usable in the future.
> 
> We don't have a foreseeable need for extra fields here; so this is a bit
> hypothetical at the moment. However, I guess there may be something that
> comes up in future - was there something you have in mind?

Not really, but reality suggests that many interfaces tend to extend
over time (including socket addresses, see flags in sockaddr_vm
as an example), so future-proofing padding allows extending into it
with minimal implementation complication, comparing to other approaches.

> The requirements for the padding bytes to be zero on sendmsg() will
> break the ABI for applications that are using the interface on 5.15;
> there's a small, contained set of those at the moment though, so I'm OK
> to handle the updates if this patch is accepted, but we'd need to make a
> call on that soon.

Yeah, I regret I have not caught it earlier.

> Setting the pad bytes to zero on recvmsg() is a good plan though, I'm
> happy for that change to go in regardless.

I can split it out in case there is hesitance with regards to applying padding
checks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ