Netdev List
 help / color / mirror / Atom feed
From: Eric Dumazet <eric.dumazet@gmail.com>
To: Ben Greear <greearb@candelatech.com>
Cc: David Miller <davem@davemloft.net>, NetDev <netdev@vger.kernel.org>
Subject: Re: [PATCH net-next-2.6] pktgen: Optionally leak kernel memory
Date: Sat, 24 Jul 2010 16:13:15 +0200	[thread overview]
Message-ID: <1279980795.2451.157.camel@edumazet-laptop> (raw)
In-Reply-To: <4C4AE80F.1040406@candelatech.com>

Le samedi 24 juillet 2010 à 06:18 -0700, Ben Greear a écrit :

> I think most users of pktgen wouldn't be too concerned about leaking
> memory content to the network.  It's a root-only test tool that can easily
> saturate most networks and do horrible things like overflow switch CAM tables
> by randomizing source/dest macs etc.  So, this warning might could be a bit
> more descriptive of how it is a security problem "arbitrary contents of memory can be
> sent across the network and may be sniffed by devices on the network, potentially
> revealing private information such as passwords and application data for applications
> running on the machine running pktgen" instead of telling folks not to use it unless it's
> really needed.

Most of the horrible things you mention are not related to the memset()
thing, arent they ?


Being root means : "I am a trusted user on this machine, and as such,
must know a bit what security means".

It doesnt mean : "I am allowed to steal passwords, credit card numbers,
from gentle users. I am allowed to blow up the LAN with billions of evil
frames". Still, pktgen is there and might be used by a fool.

The "UNSAFE" label should be more than enough to warn the fool admin ;)

Note this "UNSAFE" thing is really bad. Nowhere in the kernel we are
allowed to make this sort of thing : No special mmap() flag asking
kernel to give non cleared memory pages, even to root user.

I am not sure David will accept the patch !

Anyway, as I said, if you want to saturate a 10Gb+ network with pktgen,
you probably need clone_skb ?




  reply	other threads:[~2010-07-24 14:13 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-07-23 23:14 pktgen performance hit due to memset Ben Greear
2010-07-24  1:51 ` David Miller
2010-07-24  5:23 ` [PATCH net-next-2.6] pktgen: Optionally leak kernel memory Eric Dumazet
2010-07-24 13:18   ` Ben Greear
2010-07-24 14:13     ` Eric Dumazet [this message]
2010-07-24 15:35       ` Ben Greear
2010-07-25  4:35       ` David Miller
2010-07-25  8:27         ` Eric Dumazet

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1279980795.2451.157.camel@edumazet-laptop \
    --to=eric.dumazet@gmail.com \
    --cc=davem@davemloft.net \
    --cc=greearb@candelatech.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox