public inbox for linux-kernel@vger.kernel.org
From: ebiederm@xmission.com (Eric W. Biederman)
To: Brad Hards <bhards@bigpond.net.au>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: lan based kgdb
Date: 17 Nov 2002 14:30:00 -0700
Message-ID: <m1smxz3mw7.fsf@frodo.biederman.org>
In-Reply-To: <200211180725.27450.bhards@bigpond.net.au>

Brad Hards <bhards@bigpond.net.au> writes:

> On Mon, 18 Nov 2002 06:42, Eric W. Biederman wrote:
> > As long as the network console/debug interface includes a basic
> > check to verify that the packets it accepts are from the local network.
> This is pretty hard to do in some configurations. You essentially have to do 
> this at the router, not at destination.

I agree that you cannot do a perfect job.  The goal is to get something
that is good enough so that it can be enabled and not give an automatic root
exploit if someone accidentally leaves it on at the wrong time.
 
> > And its outgoing packets have a ttl of one.  I don't have a problem.
> Recent IETF work on link-local has used TTL=255 outgoing, and it has to be 255 
> at the receive end too. That is a reasonable way to ensure that it is 
> link-local, since even the most brain-dead routers will at least decrement 
> TTL.

Nice. And then on the transmit end I would still use a TTL=1 so that
routers will refuse to route the packets.  A bit asymmetric but I only
care about security in one direction.  

But in what kind of configurations is checking the ip against the
current netmask insufficient?  Checking for a TTL of 255 will
trivially make the check stronger.

Having a network console for various debugging tasks could be very
useful.  The question is how to implement it simply and reliably.

Eric
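
The receive-side filter discussed in this message (source address inside the local netmask, plus the TTL of 255 check Brad Hards describes), as an added example that is not part of the original message or of any kgdb/netconsole code. Function names and sample addresses are hypothetical, and the header checksum is not verified.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names throughout; not taken from any kernel source. */
#define LINK_LOCAL_TTL 255  /* receive-side value described in the thread */

/* Read a big-endian 32-bit field from the packet. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * Return 1 if an IPv4 packet may be handed to the debug console:
 * well-formed header, TTL still 255 (no router has decremented it),
 * and source address inside our own subnet. Addresses are host order.
 * The header checksum is assumed to be validated elsewhere.
 */
int debug_pkt_acceptable(const uint8_t *pkt, size_t len,
                         uint32_t local_ip, uint32_t netmask)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return 0;
    if (pkt[8] != LINK_LOCAL_TTL)        /* TTL field at offset 8 */
        return 0;
    uint32_t src = be32(pkt + 12);       /* source address at offset 12 */
    return (src & netmask) == (local_ip & netmask);
}

/* Constructed sample: minimal 20-byte IPv4 header with given src and TTL. */
void make_sample_hdr(uint8_t hdr[20], uint32_t src, uint8_t ttl)
{
    for (int i = 0; i < 20; i++) hdr[i] = 0;
    hdr[0] = 0x45;                       /* version 4, IHL 5 */
    hdr[8] = ttl;
    hdr[12] = (uint8_t)(src >> 24); hdr[13] = (uint8_t)(src >> 16);
    hdr[14] = (uint8_t)(src >> 8);  hdr[15] = (uint8_t)src;
}

int main(void)
{
    uint8_t h[20];
    make_sample_hdr(h, 0xC0A80114u, 254); /* in-subnet source, TTL decremented */
    return debug_pkt_acceptable(h, sizeof h, 0xC0A8010Au, 0xFFFFFF00u);
}
```

A packet whose source address claims to be in the subnet but whose TTL is 254 passes the netmask comparison and is rejected only by the TTL test.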
