Re: [RFC PATCH 0/2] restore original default of nf_conntrack_helper sysctl

From: Linus Torvalds
Date: Mon Jan 23 2017 - 20:10:02 EST

Next message: Masahiro Yamada: "Re: [PATCH] ARM: Ignore compressed kernel build products"
Previous message: Eric W. Biederman: "Re: [PATCH] mnt: allow to add a mount into an existing group"
In reply to: Jiri Kosina: "[RFC PATCH 0/2] restore original default of nf_conntrack_helper sysctl"
Next in thread: Pablo Neira Ayuso: "Re: [RFC PATCH 0/2] restore original default of nf_conntrack_helper sysctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 23, 2017 at 4:06 PM, Jiri Kosina <jikos@xxxxxxxxxx> wrote:
>
> Considering this being really close to the "userspace breakage"
> borderline, I'm CCing Linus as well.

For all I know, there may be some security reason why we really don't
want the automatic helpers, even if they can be convenient.

Also, you can just enable them with a kernel command line or a sysctl,
so it's not like you can't get the old behavior back.

Do networking people have any comments? Was there a reason to actually
switch the default? Because the commit messages aren't all that
helpful.

Linus

Next message: Masahiro Yamada: "Re: [PATCH] ARM: Ignore compressed kernel build products"
Previous message: Eric W. Biederman: "Re: [PATCH] mnt: allow to add a mount into an existing group"
In reply to: Jiri Kosina: "[RFC PATCH 0/2] restore original default of nf_conntrack_helper sysctl"
Next in thread: Pablo Neira Ayuso: "Re: [RFC PATCH 0/2] restore original default of nf_conntrack_helper sysctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]