Re: [PATCH net-next-2.6] pktgen: Optionally leak kernel memory

[Ben Greear <greearb@candelatech.com>]

On 07/24/2010 07:13 AM, Eric Dumazet wrote:
> Le samedi 24 juillet 2010 à 06:18 -0700, Ben Greear a écrit :
>
>> I think most users of pktgen wouldn't be too concerned about leaking
>> memory content to the network.  It's a root-only test tool that can easily
>> saturate most networks and do horrible things like overflow switch CAM tables
>> by randomizing source/dest macs etc.  So, this warning might could be a bit
>> more descriptive of how it is a security problem "arbitrary contents of memory can be
>> sent across the network and may be sniffed by devices on the network, potentially
>> revealing private information such as passwords and application data for applications
>> running on the machine running pktgen" instead of telling folks not to use it unless it's
>> really needed.
>
> Most of the horrible things you mention are not related to the memset()
> thing, arent they ?
>
>
> Being root means : "I am a trusted user on this machine, and as such,
> must know a bit what security means".
>
> It doesnt mean : "I am allowed to steal passwords, credit card numbers,
> from gentle users. I am allowed to blow up the LAN with billions of evil
> frames". Still, pktgen is there and might be used by a fool.

Out of curiosity, couldn't root just use gdb, strace or similar means to
get access to user's programs?  Or add a simple module to the kernel to
dump memory pages for that matter?

It would seem to me that this UNSAFE flag is only to protect root users from
accidentally sharing their own private memory accidentally.

> The "UNSAFE" label should be more than enough to warn the fool admin ;)
>
> Note this "UNSAFE" thing is really bad. Nowhere in the kernel we are
> allowed to make this sort of thing : No special mmap() flag asking
> kernel to give non cleared memory pages, even to root user.

Ok, I don't mind either way.  I have a bunch of hacks to pktgen in
my tree already, so one more isn't a big deal.

> Anyway, as I said, if you want to saturate a 10Gb+ network with pktgen,
> you probably need clone_skb ?

I can get bi-directional 9.6Gbps or so using 1514 byte pkts and clone-skb == 0
on two ports using Intel 82599 10G NIC on core-i7 3.33Ghz (6GT/s pci-e bus).
(with memsets commented out).  This is around 40Gbps total data across the network
interfaces.

Some day I'll get a quad or 6-port 10G and see what it can do :)

Thanks,
Ben

-- 
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc  http://www.candelatech.com