From: Eric Dumazet <eric.dumazet@gmail.com>
To: Ben Greear <greearb@candelatech.com>
Cc: David Miller <davem@davemloft.net>, NetDev <netdev@vger.kernel.org>
Subject: Re: [PATCH net-next-2.6] pktgen: Optionally leak kernel memory
Date: Sat, 24 Jul 2010 16:13:15 +0200 [thread overview]
Message-ID: <1279980795.2451.157.camel@edumazet-laptop> (raw)
In-Reply-To: <4C4AE80F.1040406@candelatech.com>
Le samedi 24 juillet 2010 à 06:18 -0700, Ben Greear a écrit :
> I think most users of pktgen wouldn't be too concerned about leaking
> memory content to the network. It's a root-only test tool that can easily
> saturate most networks and do horrible things like overflow switch CAM tables
> by randomizing source/dest macs etc. So, this warning might could be a bit
> more descriptive of how it is a security problem "arbitrary contents of memory can be
> sent across the network and may be sniffed by devices on the network, potentially
> revealing private information such as passwords and application data for applications
> running on the machine running pktgen" instead of telling folks not to use it unless it's
> really needed.
Most of the horrible things you mention are not related to the memset()
thing, arent they ?
Being root means : "I am a trusted user on this machine, and as such,
must know a bit what security means".
It doesnt mean : "I am allowed to steal passwords, credit card numbers,
from gentle users. I am allowed to blow up the LAN with billions of evil
frames". Still, pktgen is there and might be used by a fool.
The "UNSAFE" label should be more than enough to warn the fool admin ;)
Note this "UNSAFE" thing is really bad. Nowhere in the kernel we are
allowed to make this sort of thing : No special mmap() flag asking
kernel to give non cleared memory pages, even to root user.
I am not sure David will accept the patch !
Anyway, as I said, if you want to saturate a 10Gb+ network with pktgen,
you probably need clone_skb ?
next prev parent reply other threads:[~2010-07-24 14:13 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-23 23:14 pktgen performance hit due to memset Ben Greear
2010-07-24 1:51 ` David Miller
2010-07-24 5:23 ` [PATCH net-next-2.6] pktgen: Optionally leak kernel memory Eric Dumazet
2010-07-24 13:18 ` Ben Greear
2010-07-24 14:13 ` Eric Dumazet [this message]
2010-07-24 15:35 ` Ben Greear
2010-07-25 4:35 ` David Miller
2010-07-25 8:27 ` Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1279980795.2451.157.camel@edumazet-laptop \
--to=eric.dumazet@gmail.com \
--cc=davem@davemloft.net \
--cc=greearb@candelatech.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox