Hi Eric,
On Fri, Feb 15, 2013 at 02:31:27AM -0800, Eric W. Biederman wrote:
> > I'm not saying this will
> > not eventually happen, but there are significant risks associated with
> > this feature. Netfilter had this in the window tracking patches around
> > 2002-2003 and this had to be reverted
Willy Tarreau writes:
> Hi Eric,
>
> On Thu, Feb 14, 2013 at 11:10:46PM -0800, Eric W. Biederman wrote:
>> Kees Cook writes:
>>
>> > On Thu, Feb 14, 2013 at 9:30 PM, Eric W. Biederman
>> > wrote:
>> >> Kees Cook writes:
>> >>
>> >>> The patch would not break it -- it defaults the sysctl to st
Hi Eric,
On Thu, Feb 14, 2013 at 11:10:46PM -0800, Eric W. Biederman wrote:
> Kees Cook writes:
>
> > On Thu, Feb 14, 2013 at 9:30 PM, Eric W. Biederman
> > wrote:
> >> Kees Cook writes:
> >>
> >>> The patch would not break it -- it defaults the sysctl to staying enabled.
> >>>
> >>> If you me
Kees Cook writes:
> On Thu, Feb 14, 2013 at 9:30 PM, Eric W. Biederman
> wrote:
>> Kees Cook writes:
>>
>>> The patch would not break it -- it defaults the sysctl to staying enabled.
>>>
>>> If you mean the documentation should be updated, sure, that's easy to do.
>>>
>>> David: I know you aren
On Thu, Feb 14, 2013 at 9:30 PM, Eric W. Biederman
wrote:
> Kees Cook writes:
>
>> The patch would not break it -- it defaults the sysctl to staying enabled.
>>
>> If you mean the documentation should be updated, sure, that's easy to do.
>>
>> David: I know you aren't a fan of this patch, but I'd
Kees Cook writes:
> The patch would not break it -- it defaults the sysctl to staying enabled.
>
> If you mean the documentation should be updated, sure, that's easy to do.
>
> David: I know you aren't a fan of this patch, but I'd like to try to
> convince you. :) This leaves the feature enabled
On 02/07/2013 10:44 AM, Kees Cook wrote:
>>
>> This patch probably also breaks TCP STUNT that is used by some applications
>> for NAT traversal.
>
> The patch would not break it -- it defaults the sysctl to staying enabled.
>
> If you mean the documentation should be updated, sure, that's eas
From: Kees Cook
Date: Thu, 7 Feb 2013 10:44:02 -0800
> David: I know you aren't a fan of this patch, but I'd like to try to
> convince you. :) This leaves the feature enabled and adds a toggle for
> systems (like Chrome OS) that don't want to risk this DoS at all.
> There are so very many other to
On Thu, Feb 7, 2013 at 10:39 AM, Stephen Hemminger
wrote:
> On Thu, 7 Feb 2013 09:52:40 -0800
> Kees Cook wrote:
>
>> This is based on Willy Tarreau's patch from 2008[1]. The goal is to
>> close a corner-case of TCP that isn't used and poses a small DoS risk.
>> For systems that do not want to ta
On Thu, 7 Feb 2013 09:52:40 -0800
Kees Cook wrote:
> This is based on Willy Tarreau's patch from 2008[1]. The goal is to
> close a corner-case of TCP that isn't used and poses a small DoS risk.
> For systems that do not want to take any risk at all, this is a desirable
> configuration knob.
>
>
Sorry I'm not applying this.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This is based on Willy Tarreau's patch from 2008[1]. The goal is to
close a corner-case of TCP that isn't used and poses a small DoS risk.
For systems that do not want to take any risk at all, this is a desirable
configuration knob.
It is possible for two clients to connect with crossed SYNs witho