On Mon, Oct 23, 2017 at 01:39:44PM -0400, Doug Ledford wrote: > On Mon, 2017-10-23 at 20:12 +0300, Leon Romanovsky wrote: > > On Mon, Oct 23, 2017 at 10:49:24AM -0400, Doug Ledford wrote: > > > On 10/23/2017 4:11 AM, Leon Romanovsky wrote: > > Doug, > > > > It has very little related to security here. The RDMA_NL_LS netlink > > operations require CAP_NET_ADMIN capability set and it is checked > > before > > calling any callback. > > I disagree. In this particular case, it wasn't a nefarious user, it > was a simple misconfiguration that cause the kernel to oops. So even > if you have CAP_NET_ADMIN, you still don't want a user space issue to > oops the kernel. If you simply don't allow it to happen, then whether > the CAP_NET_ADMIN program has been compromised by a black hat user is > irrelevant. That seems the right way to be to me. OK, fix exists and if you want to call it "security issue", let's call it so. Despite the fact that root misconfigured the system, root run the program, root crashed the system, like all over kernel oops we are seeing in linux kernel. Thanks > > -- > Doug Ledford <dledford@xxxxxxxxxx> > GPG KeyID: B826A3330E572FDD > Key fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD >
Attachment:
signature.asc
Description: PGP signature
