From: Benjamin LaHaise <bcrl@kvack.org>
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org, linux-ppp@vger.kernel.org
Subject: Re: [PATCH next-next] ppp: change default for incoming protocol filter to NPMODE_DROP
Date: Sat, 7 Jul 2012 20:38:04 -0400
Message-ID: <20120708003804.GH19462@kvack.org>
In-Reply-To: <20120707.161504.686059289738005570.davem@davemloft.net>

On Sat, Jul 07, 2012 at 04:15:04PM -0700, David Miller wrote:
> From: Benjamin LaHaise <bcrl@kvack.org>
> Date: Fri, 6 Jul 2012 13:28:00 -0400
>
> > How about the following addition instead to provide a list of
> > protocols to disable?
>
> The userspace programs must accommodate all existing kernels, so
> the addition of this feature is rather pointless.

It's not existing kernels that this guards against, but the use of older
versions of the API users on new kernels that support additional protocols.
I'm in the middle of porting a PPP stack to using the ppp_generic interface,
and there is no way for me to prevent packet types for protocols which are
newly added to the kernel from getting these new packet types leaked. I
came across this exactly because I was testing this case. I suppose I can
ignore the issue, but I'd prefer to get it right since it is technically a
security hole that bypasses PPP session authentication.

-ben
--
"Thought is the essence of where you are now."