Re: [PATCH 08/19] tcp: authopt: Disable via sysctl by default

From: David Ahern
Date: Fri Sep 24 2021 - 21:57:33 EST


On 9/21/21 10:14 AM, Leonard Crestez wrote:
> This is mainly intended to protect against local privilege escalations
> through a rarely used feature so it is deliberately not namespaced.
>
> Enforcement is only at the setsockopt level; this should be enough to
> ensure that the tcp_authopt_needed static key never turns on.
>
> No effort is made to handle disabling when the feature is already in
> use.
>

MD5 does not require a sysctl to use it, so why should this auth mechanism?