From: Arend van Spriel <arend.vanspriel@broadcom.com>
To: Johannes Berg <johannes@sipsolutions.net>,
Andrew Zaborowski <andrew.zaborowski@intel.com>,
Kalle Valo <kvalo@codeaurora.org>
Cc: linux-wireless@vger.kernel.org
Subject: Re: [PATCH] nl80211: Reject disconnect commands except from conn_owner
Date: Tue, 8 May 2018 14:34:37 +0200 [thread overview]
Message-ID: <5AF1995D.3040204@broadcom.com> (raw)
In-Reply-To: <1525781970.14830.11.camel@sipsolutions.net>
On 5/8/2018 2:19 PM, Johannes Berg wrote:
> On Tue, 2018-05-08 at 14:18 +0200, Arend van Spriel wrote:
>> On 5/7/2018 9:19 PM, Johannes Berg wrote:
>>> On Sun, 2018-04-29 at 20:30 +0200, Andrew Zaborowski wrote:
>>>> On 28 April 2018 at 15:07, Kalle Valo <kvalo@codeaurora.org> wrote:
>>>>> Andrew Zaborowski <andrew.zaborowski@intel.com> writes:
>>>>>> Reject NL80211_CMD_DISCONNECT, NL80211_CMD_DISASSOCIATE,
>>>>>> NL80211_CMD_DEAUTHENTICATE and NL80211_CMD_ASSOCIATE commands
>>>>>> from clients other than the connection owner set in the connect,
>>>>>> authenticate or associate commands, if it was set.
>>>>>>
>>>>>> The main point of this check is to prevent chaos when two processes
>>>>>> try to use nl80211 at the same time, it's not a security measure.
>>>>>> The same thing should possibly be done for JOIN_IBSS/LEAVE_IBSS and
>>>>>> START_AP/STOP_AP.
>>>>>
>>>>> s-o-b missing.
>>>>
>>>> True, thanks. Also I was going to send this as an RFC.
>>>>
>>>
>>> Looks fine to me, please resend if you want it in :)
>>
>> Do we really want this? Is the referred chaos hypothetical or an actual
>> issue. Nothing stops me from doing an 'ifconfig down' so why should 'iw
>> disconnect' be any different. As far I can tell it does not affect my
>> testing environment, but particularly in such use-cases I can expect
>> issues adopting this change, which is also hypothetical of course ;-)
>
> Yeah, it's a good question. But it might help with inadvertent issues,
> like starting wpa_s which immediately disconnects if it finds something
> connected. If that fails, perhaps you have a better chance of noticing
> the error?
Sure. I guess we all have been there kicking of wpa_s and discovering
there is already one running in the background. I am just a bit
squeamish to change the behavior like this. Hmmmm. Is wpa_s already
using SOCKET_OWNER. If so, I might create a patch to opt-out for that so
people can knowingly choose chaos ;-)
Regards,
Arend
next prev parent reply other threads:[~2018-05-08 12:34 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-28 1:47 [PATCH] nl80211: Reject disconnect commands except from conn_owner Andrew Zaborowski
2018-04-28 13:07 ` Kalle Valo
2018-04-29 18:30 ` Andrew Zaborowski
2018-05-07 19:19 ` Johannes Berg
2018-05-08 12:18 ` Arend van Spriel
2018-05-08 12:19 ` Johannes Berg
2018-05-08 12:34 ` Arend van Spriel [this message]
[not found] ` <A996D5EE-1279-4DEC-832F-FC4D5FD7FC61@gmail.com>
2018-05-22 10:39 ` Arend van Spriel
2018-05-22 14:45 ` Denis Kenzior
2018-05-08 20:03 ` Andrew Zaborowski
-- strict thread matches above, loose matches on Subject: below --
2018-05-22 0:46 Andrew Zaborowski
2018-05-22 7:53 ` Arend van Spriel
2018-05-22 8:21 ` Johannes Berg
2018-05-22 10:30 ` Arend van Spriel
2018-05-22 10:33 ` Andrew Zaborowski
2018-05-22 10:39 ` Arend van Spriel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5AF1995D.3040204@broadcom.com \
--to=arend.vanspriel@broadcom.com \
--cc=andrew.zaborowski@intel.com \
--cc=johannes@sipsolutions.net \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.