* Alexei Starovoitov <ast@xxxxxxxxxxxx> wrote: > On 10/5/15 3:14 PM, Daniel Borkmann wrote: > >One scenario that comes to mind ... what happens when there are kernel > >pointers stored in skb->cb[] (either from the current layer or an old > >one from a different layer that the skb went through previously, but > >which did not get overwritten)? > > > >Socket filters could read a portion of skb->cb[] also when unprived and > >leak that out through maps. I think the verifier doesn't catch that, > >right? > > grrr. indeed. previous layer before sk_filter() can leave junk in there. Could this be solved by activating zeroing/sanitizing of this data if there's an active BPF function around that can access that socket? Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
