Date:   Tue, 14 Mar 2023 10:44:00 +0100
From:   Petr Machata <petrm@...dia.com>
To:     Jakub Kicinski <kuba@...nel.org>
CC:     Petr Machata <petrm@...dia.com>,
        "David S. Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Paolo Abeni <pabeni@...hat.com>, <netdev@...r.kernel.org>,
        David Ahern <dsahern@...nel.org>,
        Shuah Khan <shuah@...nel.org>,
        Ido Schimmel <idosch@...dia.com>, <mlxsw@...dia.com>
Subject: Re: [PATCH net-next 0/5] net: Extend address label support


Jakub Kicinski <kuba@...nel.org> writes:

> On Mon, 13 Mar 2023 14:26:56 +0100 Petr Machata wrote:
>> > Feels a bit like we're missing motivation for this change.
>> > I thought address labels were legacy cruft.  
>> 
>> The immutability and lack of IPv6 support is seriously limiting, so the
>> fact nobody is using this is not that surprising.
>> 
>> > Also the usual concern about allowing to change things is that some
>> > user space will assume it's immutable. The label could until this 
>> > set be used as part of a stable key, right?  
>> 
>> Maybe. But to change a label, you need to be an admin, so yeah, you can
>> screw things up if you want to. You could e.g. delete the address
>> outright. In the end it should be on me as an admin to run a stack that
>> is not stumbling over itself.
>
> I haven't seen that caveat under the "no uAPI-visible regressions"
> rule book...  Have you done a github grep for uses of this attr?

I didn't realize this before, but the labels do change today as a result
of interface renames. That's... not good. One thing is an admin coming
along and changing a label, which yeah, would change a label. A change
in netdevice name screwing up all the labels is a whole different level.
I guess whatever the original use case for labels was leaks through too
much at this point.

So scratch all this.

I think we will have to use address protocol to do this. IPv6 protocol
already supports replace semantics. Any objections to adding the same
for IPv4?

Like with the labels, address replacement messages with an explicit
IFA_PROTO are not bounced, they just neglect to actually change the
protocol. But it makes no sense to me that someone would issue address
replacement with an explicit proto set which differs from the current
one, but would still rely on the fact that the proto doesn't change...
