lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230412072104.61910016@kernel.org> Date: Wed, 12 Apr 2023 07:21:04 -0700 From: Jakub Kicinski <kuba@...nel.org> To: Matthieu Baerts <matthieu.baerts@...sares.net> Cc: Pablo Neira Ayuso <pablo@...filter.org>, netfilter-devel@...r.kernel.org, davem@...emloft.net, netdev@...r.kernel.org, pabeni@...hat.com, edumazet@...gle.com, mathew.j.martineau@...ux.intel.com, mptcp@...ts.linux.dev Subject: Re: [PATCH net,v2] uapi: linux: restore IPPROTO_MAX to 256 and add IPPROTO_UAPI_MAX On Thu, 6 Apr 2023 12:45:25 +0200 Matthieu Baerts wrote: > The modification in the kernel looks good to me. But I don't know how to > make sure this will not have any impact on MPTCP on the userspace side, > e.g. somewhere before calling the socket syscall, a check could be done > to restrict the protocol number to IPPROTO_MAX and then breaking MPTCP > support. Then again any code which stores the ipproto in an unsigned char will be broken. A perfect solution is unlikely to exist. > Is it not safer to expose something new to userspace, something > dedicated to what can be visible on the wire? > > Or recommend userspace programs to limit to lower than IPPROTO_RAW > because this number is marked as "reserved" by the IANA anyway [1]? > > Or define something new linked to UINT8_MAX because the layer 4 protocol > field in IP headers is limited to 8 bits? > This limit is not supposed to be directly linked to the one of the enum > you modified. I think we could even say it works "by accident" because > "IPPROTO_RAW" is 255. But OK "IPPROTO_RAW" is there from the "beginning" > [2] :) I'm not an expert but Pablo's patch seems reasonable to me TBH. Maybe I'm missing some extra MPTCP specific context?
Powered by blists - more mailing lists