lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20220110085110.3902b6d4@kicinski-fedora-PC1C0HJN.hsd1.ca.comcast.net>
Date:   Mon, 10 Jan 2022 08:51:10 -0800
From:   Jakub Kicinski <kuba@...nel.org>
To:     Kai-Heng Feng <kai.heng.feng@...onical.com>
Cc:     Andrew Lunn <andrew@...n.ch>, Oliver Neukum <oneukum@...e.com>,
        Aaron Ma <aaron.ma@...onical.com>, henning.schild@...mens.com,
        linux-usb@...r.kernel.org, netdev@...r.kernel.org,
        davem@...emloft.net, hayeswang@...ltek.com, tiwai@...e.de
Subject: Re: [PATCH 1/3 v3] net: usb: r8152: Check used MAC passthrough
 address

On Mon, 10 Jan 2022 11:32:16 +0800 Kai-Heng Feng wrote:
> > > I don't think it's a good idea. On my laptop,
> > > systemd-udev-settle.service can add extra 5~10 seconds boot time
> > > delay.
> > > Furthermore, the external NIC in question is in a USB/Thunderbolt
> > > dock, it can present pre-boot, or it can be hotplugged at any time.  
> >
> > IIUC our guess is that this feature used for NAC and IEEE 802.1X.
> > In that case someone is already provisioning certificates to all
> > the machines, and must provide a config for all its interfaces.
> > It should be pretty simple to also put the right MAC address override
> > in the NetworkManager/systemd-networkd/whatever config, no?  
> 
> If that's really the case, why do major OEMs came up with MAC
> pass-through? Stupid may it be, I don't think it's a solution looking
> for problem.

I don't know. Maybe due to a limitation in Windows? Maybe it's hard to
do in network manager, too, and we're not seeing something. Or perhaps
simply because they want to convince corporations to buy their
unreasonably expensive docks.

What I do know is that we need to gain a good understanding of the
motivation before we push any more of such magic into the kernel.

I may be able to do some testing myself after the Omicron surge is over
in the US.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ