From: Flavio Leitner <fbl@redhat.com>
To: Prarit Bhargava <prarit@redhat.com>
Cc: netdev@vger.kernel.org, davem@davemloft.net, agospoda@redhat.com,
nhorman@redhat.com, lwoodman@redhat.com
Subject: Re: [PATCH]: Add Network Sysrq Support
Date: Tue, 21 Jun 2011 20:32:14 -0300 [thread overview]
Message-ID: <4E0129FE.7050709@redhat.com> (raw)
In-Reply-To: <4E011A96.7050509@redhat.com>
On 06/21/2011 07:26 PM, Prarit Bhargava wrote:
>> I'm thinking on a situation where we leave the systems with this enabled
>> and then an ordinary user starts pinging the network guessing the hexa to
>> cause reboots.
>>
>
> Good point Flavio, but that's *exactly* why I wrote this in single-shot
> mode. I really think the code might be a bit too risky for most people
> to deploy in production environments. It's too risky for me to let
> someone ping and ping and ping until they luckily hit the magic number
> and figure out how to bring *all* of my systems down. What are the
> chances that a lab admin is smart enough to set the password to
> different numbers across different machines in a single lab?
I see your point. I liked the patch because of the simplicity but
oh well, if we care that much about the security, then in the end
we will have something similar to what the xt_SYSRQ does already.
fbl
next prev parent reply other threads:[~2011-06-21 23:32 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-21 13:00 [PATCH]: Add Network Sysrq Support Prarit Bhargava
2011-06-21 17:08 ` Stephen Hemminger
2011-06-21 18:30 ` Neil Horman
2011-06-21 20:09 ` Randy Dunlap
2011-06-21 20:37 ` Florian Westphal
2011-06-21 20:46 ` Randy Dunlap
2011-06-21 22:12 ` Prarit Bhargava
2011-06-21 22:05 ` Flavio Leitner
2011-06-21 22:26 ` Prarit Bhargava
2011-06-21 23:32 ` Flavio Leitner [this message]
2011-06-21 22:56 ` Florian Westphal
2011-06-21 22:58 ` David Miller
2011-06-22 10:26 ` Prarit Bhargava
2011-06-22 10:35 ` David Miller
2011-06-22 10:42 ` Prarit Bhargava
2011-06-22 10:54 ` Florian Westphal
2011-06-22 12:19 ` Prarit Bhargava
2011-06-22 12:37 ` John Haxby
2011-06-22 17:39 ` Prarit Bhargava
2011-06-22 18:46 ` John Haxby
2011-06-22 20:29 ` David Miller
2011-06-22 18:57 ` John Haxby
2011-06-22 20:27 ` David Miller
2011-06-24 14:37 ` John Haxby
2011-06-22 7:55 ` WANG Cong
2011-06-22 15:29 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E0129FE.7050709@redhat.com \
--to=fbl@redhat.com \
--cc=agospoda@redhat.com \
--cc=davem@davemloft.net \
--cc=lwoodman@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=nhorman@redhat.com \
--cc=prarit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).