From: Stephen Hemminger <stephen@networkplumber.org>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Austin S Hemmelgarn <ahferroin7@gmail.com>,
David Miller <davem@davemloft.net>,
LKML <linux-kernel@vger.kernel.org>,
Netdev <netdev@vger.kernel.org>
Subject: Re: Is ndo_do_ioctl still acceptable?
Date: Thu, 12 Nov 2015 14:27:17 -0800 [thread overview]
Message-ID: <20151112142717.7144e931@xeon-e3> (raw)
In-Reply-To: <CAHmME9pHg7iAorj22DvWKhrH4HXPne7ZBAr7X1wyR7VEkJfk8w@mail.gmail.com>
On Thu, 12 Nov 2015 23:19:06 +0100
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:
> On Thu, Nov 12, 2015 at 9:30 PM, Austin S Hemmelgarn
> <ahferroin7@gmail.com> wrote:
> >>
> > On the other hand, based on what you are saying about your device, it sounds
> > like you are working on some kind of cryptographically secured (either
> > authenticated or encrypted or both) tunnel, in which case the fact that
> > security is easier to handle with netlink than ioctls becomes important. If
> > you can't ensure security of the endpoint configuration, you can't ensure
> > security of the tunnel itself.
>
> Could you substantiate these claims that "security is easier to handle
> with netlink". I've never heard this and I don't know why it'd be the
> case. Are you referring to the fact that the copy_to/from_user dance
> of ioctl opens up more potential vulnerabilities than netlink's
> abstracted validation? Or something else? Just confused here...
It means that with netlink it possible to checks on field types and lengths
in generic manner. Ioctl's have the whole compat mess to deal with.
Also when using seccomp it is possible to write code to look at netlink
messages. With ioctl's that is much more difficult especially since the
same ioctl may have different meanings for each device type.
prev parent reply other threads:[~2015-11-12 22:27 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-12 4:59 Is ndo_do_ioctl still acceptable? Jason A. Donenfeld
2015-11-12 16:34 ` Stephen Hemminger
2015-11-12 16:58 ` Jason A. Donenfeld
2015-11-12 20:30 ` Austin S Hemmelgarn
2015-11-12 22:19 ` Jason A. Donenfeld
2015-11-12 22:27 ` Stephen Hemminger [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151112142717.7144e931@xeon-e3 \
--to=stephen@networkplumber.org \
--cc=Jason@zx2c4.com \
--cc=ahferroin7@gmail.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).