On 9/21/21 10:14 AM, Leonard Crestez wrote:
> This is mainly intended to protect against local privilege escalations
> through a rarely used feature so it is deliberately not namespaced.
>
> Enforcement is only at the setsockopt level, this should be enough to
> ensure that the tcp_authopt_needed static key never turns on.
>
> No effort is made to handle disabling when the feature is already in
> use.
>

MD5 does not require a sysctl to use it, so why should this auth mechanism?