Message-ID: <20220314155440.33149b87@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
Date: Mon, 14 Mar 2022 15:54:40 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Pablo Neira Ayuso <pablo@...filter.org>
Cc: netfilter-devel@...r.kernel.org, davem@...emloft.net,
netdev@...r.kernel.org
Subject: Re: [PATCH net 0/3] Netfilter fixes for net
On Sat, 12 Mar 2022 23:03:12 +0100 Pablo Neira Ayuso wrote:
> 1) Revert port remap to mitigate shadowing service ports, this is causing
> problems in existing setups and this mitigation can be achieved with
> explicit ruleset, eg.
>
> ... tcp sport < 16386 tcp dport >= 32768 masquerade random
>
> This patch provided a built-in policy similar to the one described above.
>
> 2) Disable register tracking infrastructure in nf_tables. Florian reported
> two issues:
>
> - Existing expressions with no implemented .reduce interface
>   that causes data-store on register should cancel the tracking.
> - Register clobbering might be possible storing data on registers that
>   are larger than 32-bits.
>
> This might lead to generating incorrect ruleset bytecode. These two
> issues are scheduled to be addressed in the next release cycle.
Minor nit for the future - it'd still be useful to have Fixes tags even
for reverts or current release fixes so that lowly backporters (myself
included) do not have to dig into history to double confirm patches
are not needed in the production kernels we maintain. Thanks!