[PATCH 1/3] decnet: Move to staging

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 1/3] decnet: Move to staging
@ 2010-11-23  3:51 Ben Hutchings
  2010-11-23  4:31 ` Stephen Hemminger
  0 siblings, 1 reply; 3+ messages in thread
From: Ben Hutchings @ 2010-11-23  3:51 UTC (permalink / raw)
  To: David Miller, Greg Kroah-Hartman; +Cc: netdev, devel, Debian kernel maintainers

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation.

The decnet protocol (PF_DECnet) is unmaintained.  Since 2.6.12-rc2 the
only changes appear to be adjustments for net API changes and fixes
for bugs found by inspection.

This protocol generally should not be enabled by distributions, since
the cost of a security flaw affecting all installed systems presumably
outweighs the benefit to the few (if any) legitimate users.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 drivers/staging/Kconfig |    2 ++
 net/Kconfig             |    2 --
 net/decnet/Kconfig      |    3 +++
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/Kconfig b/drivers/staging/Kconfig
index 5eafdf4..dd94cb2 100644
--- a/drivers/staging/Kconfig
+++ b/drivers/staging/Kconfig
@@ -175,5 +175,7 @@ source "drivers/staging/intel_sst/Kconfig"
 
 source "drivers/staging/speakup/Kconfig"
 
+source "net/decnet/Kconfig"
+
 endif # !STAGING_EXCLUDE_BUILD
 endif # STAGING
diff --git a/net/Kconfig b/net/Kconfig
index 55fd82e..9e4fc29 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -186,7 +186,6 @@ config BRIDGE_NETFILTER
 source "net/netfilter/Kconfig"
 source "net/ipv4/netfilter/Kconfig"
 source "net/ipv6/netfilter/Kconfig"
-source "net/decnet/netfilter/Kconfig"
 source "net/bridge/netfilter/Kconfig"
 
 endif
@@ -201,7 +200,6 @@ source "net/802/Kconfig"
 source "net/bridge/Kconfig"
 source "net/dsa/Kconfig"
 source "net/8021q/Kconfig"
-source "net/decnet/Kconfig"
 source "net/llc/Kconfig"
 source "net/ipx/Kconfig"
 source "drivers/net/appletalk/Kconfig"
diff --git a/net/decnet/Kconfig b/net/decnet/Kconfig
index 7914fd6..9d17166 100644
--- a/net/decnet/Kconfig
+++ b/net/decnet/Kconfig
@@ -41,3 +41,6 @@ config DECNET_ROUTER
 
 	  See <file:Documentation/networking/decnet.txt> for more information.
 
+if NETFILTER
+source "net/decnet/netfilter/Kconfig"
+endif
-- 
1.7.2.3

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH 1/3] decnet: Move to staging
  2010-11-23  3:51 [PATCH 1/3] decnet: Move to staging Ben Hutchings
@ 2010-11-23  4:31 ` Stephen Hemminger
  2010-11-23  5:19   ` David Miller
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Hemminger @ 2010-11-23  4:31 UTC (permalink / raw)
  To: Ben Hutchings
  Cc: David Miller, Greg Kroah-Hartman, netdev, devel,
	Debian kernel maintainers

On Tue, 23 Nov 2010 03:51:53 +0000
Ben Hutchings <ben@decadent.org.uk> wrote:

> Recent review has revealed several bugs in obscure protocol
> implementations that can be exploited by local users for denial of
> service or privilege escalation.
> 
> The decnet protocol (PF_DECnet) is unmaintained.  Since 2.6.12-rc2 the
> only changes appear to be adjustments for net API changes and fixes
> for bugs found by inspection.
> 
> This protocol generally should not be enabled by distributions, since
> the cost of a security flaw affecting all installed systems presumably
> outweighs the benefit to the few (if any) legitimate users.
> 
> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

NAK there are still users and stuff does get fixed.
If you don't like it then disable it from config.



-- 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 1/3] decnet: Move to staging
  2010-11-23  4:31 ` Stephen Hemminger
@ 2010-11-23  5:19   ` David Miller
  0 siblings, 0 replies; 3+ messages in thread
From: David Miller @ 2010-11-23  5:19 UTC (permalink / raw)
  To: shemminger; +Cc: ben, gregkh, netdev, devel, debian-kernel

From: Stephen Hemminger <shemminger@vyatta.com>
Date: Mon, 22 Nov 2010 20:31:31 -0800

> On Tue, 23 Nov 2010 03:51:53 +0000
> Ben Hutchings <ben@decadent.org.uk> wrote:
> 
>> Recent review has revealed several bugs in obscure protocol
>> implementations that can be exploited by local users for denial of
>> service or privilege escalation.
>> 
>> The decnet protocol (PF_DECnet) is unmaintained.  Since 2.6.12-rc2 the
>> only changes appear to be adjustments for net API changes and fixes
>> for bugs found by inspection.
>> 
>> This protocol generally should not be enabled by distributions, since
>> the cost of a security flaw affecting all installed systems presumably
>> outweighs the benefit to the few (if any) legitimate users.
>> 
>> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
> 
> NAK there are still users and stuff does get fixed.
> If you don't like it then disable it from config.

Seriously, I can't even remember a bonifides security flaw in decnet
being found recently and in fact the decnet stack is very well written
code.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2010-11-23  5:18 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-11-23  3:51 [PATCH 1/3] decnet: Move to staging Ben Hutchings
2010-11-23  4:31 ` Stephen Hemminger
2010-11-23  5:19   ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).