| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bddd44410602480fb57c82b8face23bb@AcuMS.aculab.com> Date: Tue, 26 Nov 2024 19:19:54 +0000 From: David Laight <David.Laight@...LAB.COM> To: 'Herbert Xu' <herbert@...dor.apana.org.au>, Kent Overstreet <kent.overstreet@...ux.dev> CC: NeilBrown <neilb@...e.de>, Thomas Graf <tgraf@...g.ch>, "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: RE: rhashtable issue - -EBUSY From: Herbert Xu > Sent: 26 November 2024 04:00 > > On Mon, Nov 25, 2024 at 10:51:04PM -0500, Kent Overstreet wrote: > > > > I just meant having a knob that's called "insecure". Why not a knob > > that selects nonblocking vs. reliable? > > Because it is *insecure*. If a hostile actor gains the ability > to insert into your hash table, then by disabling this defence > you're giving them the ability to turn your hash table into a > linked list. > > So as long as you acknowledge and are willing to undertake this > risk, I'm happy for you to do that. But I'm not going to hide > this under the rug. There is always the option of some kind of status flag (etc) so that the user can find out that the hash table is 'sub optimal' outsize of the insert path. Not sure how you'd clear it - except by a rehash. That does pass the buck a bit though. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
Powered by blists - more mailing lists