On Thu, Nov 12, 2015 at 9:30 PM, Austin S Hemmelgarn <ahferro...@gmail.com> wrote:
> On the other hand, based on what you are saying about your device, it sounds
> like you are working on some kind of cryptographically secured (either
> authenticated or encrypted or both) tunnel, in which case the fact that
> security is easier to handle with netlink than ioctls becomes important. If
> you can't ensure security of the endpoint configuration, you can't ensure
> security of the tunnel itself.

Could you substantiate these claims that "security is easier to handle with netlink"? I've never heard this and I don't know why it'd be the case. Are you referring to the fact that the copy_to/from_user dance of ioctl opens up more potential vulnerabilities than netlink's abstracted validation? Or something else? Just confused here...