| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Apr 2022 18:42:24 -0600
From: David Ahern <dsahern@...nel.org>
To: Nikolay Aleksandrov <razor@...ckwall.org>,
Ido Schimmel <idosch@...sch.org>
Cc: netdev@...r.kernel.org, roopa@...dia.com, kuba@...nel.org,
davem@...emloft.net, bridge@...ts.linux-foundation.org
Subject: Re: [PATCH net-next v4 05/12] net: rtnetlink: add bulk delete support
flag
On 4/13/22 6:21 AM, Nikolay Aleksandrov wrote:
>> If a buggy user space application is sending messages with NLM_F_BULK
>> set (unintentionally), will it break on newer kernel? I couldn't find
>> where the kernel was validating that reserved flags are not used (I
>> suspect it doesn't).
>
> Correct, it doesn't.
>
>>
>> Assuming the above is correct and of interest, maybe just emit a warning
>> via extack and drop the goto? Alternatively, we can see if anyone
>> complains which might never happen
>>
>
> TBH I prefer to error out on an unsupported flag, but I get the problem. These
> weren't validated before and we start checking now. The problem is that we'll
> return an extack without an error, but the delete might also remove something.
> Hrm.. perhaps we can rephrase the error in that case (since it becomes a warning
> in iproute2 terms):
> "NLM_F_BULK flag is set but bulk delete operation is not supported"
> So it will warn the user it has an unsupported flag.
>
> WDYT ?
>
> IMO we should bite the bullet and keep the error though. :)
>
I agree. The check across the board for BULK flag on any DELETE requests
should tell us pretty quick if someone is setting that flag when it
should not be.
Powered by blists - more mailing lists