Date:   Tue, 11 Jan 2022 10:33:39 -0600
From:   "Limonciello, Mario" <mario.limonciello@....com>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     Kai-Heng Feng <kai.heng.feng@...onical.com>,
        Andrew Lunn <andrew@...n.ch>, Oliver Neukum <oneukum@...e.com>,
        Aaron Ma <aaron.ma@...onical.com>, henning.schild@...mens.com,
        linux-usb@...r.kernel.org, netdev@...r.kernel.org,
        davem@...emloft.net, hayeswang@...ltek.com, tiwai@...e.de
Subject: Re: [PATCH 1/3 v3] net: usb: r8152: Check used MAC passthrough
 address

On 1/11/2022 10:26, Jakub Kicinski wrote:
> On Tue, 11 Jan 2022 08:57:39 -0600 Limonciello, Mario wrote:
>> The important thing to remember is that many of these machines *don't*
>> have in-built network controller and rely upon a USB-c network adapter.
>>
>> I recall a few reasons.
>>
>> 1) Consistency with the UEFI network stack and dual booting Windows when
>> using the machine.  IOW 1 DHCP lease to one network controller, not one OS.
>>
>> 2) A (small) part of an onion that is network security.  It allows
>> administrators to allow-list or block-list controllers.
>>
>> The example I recall hearing is someone has their laptop stolen and
>> notifies I/T.  I/T removes the MAC address of the pass through address
>> from the allow-list and now that laptop can't use any hotel cubes for
>> accessing network resources.
>>
>> 3) Resource planning and management of hoteling resources.
>>
>> For example allow facilities to monitor whether users are reserving and
>> using the hoteling cubes they reserved.
> 
> Interesting, I haven't thought about use case (3).

These are just the cases I have from my memory when we kicked this off.
There may be others that are now used too.

> 
> Do you know how this is implemented on other platforms?


It's entirely OS independent - but presumes that there is a mapping of 
the pass through MAC address of the HW to a user account in the hoteling 
cube reservation software.

If you end up having only your pass through MAC used for Windows and 
UEFI your hoteling system might not work properly if your corporation 
also supports employees to use Linux and this feature was removed from 
the kernel.
