Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-15 Thread Willy Tarreau
Hi Eric, On Fri, Feb 15, 2013 at 02:31:27AM -0800, Eric W. Biederman wrote: > > I'm not saying this will > > not eventually happen, but there are significant risks associated with > > this feature. Netfilter had this in the window tracking patches around > > 2002-2003 and this had to be reverted

Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-15 Thread Eric W. Biederman
Willy Tarreau writes: > Hi Eric, > > On Thu, Feb 14, 2013 at 11:10:46PM -0800, Eric W. Biederman wrote: >> Kees Cook writes: >> >> > On Thu, Feb 14, 2013 at 9:30 PM, Eric W. Biederman >> > wrote: >> >> Kees Cook writes: >> >> >> >>> The patch would not break it -- it defaults the sysctl to

Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-14 Thread Willy Tarreau
Hi Eric, On Thu, Feb 14, 2013 at 11:10:46PM -0800, Eric W. Biederman wrote: > Kees Cook writes: > > > On Thu, Feb 14, 2013 at 9:30 PM, Eric W. Biederman > > wrote: > >> Kees Cook writes: > >> > >>> The patch would not break it -- it defaults the sysctl to staying enabled. > >>> > >>> If you

Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-14 Thread Eric W. Biederman
Kees Cook writes: > On Thu, Feb 14, 2013 at 9:30 PM, Eric W. Biederman > wrote: >> Kees Cook writes: >> >>> The patch would not break it -- it defaults the sysctl to staying enabled. >>> >>> If you mean the documentation should be updated, sure, that's easy to do. >>> >>> David: I know you

Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-14 Thread Kees Cook
On Thu, Feb 14, 2013 at 9:30 PM, Eric W. Biederman wrote: > Kees Cook writes: > >> The patch would not break it -- it defaults the sysctl to staying enabled. >> >> If you mean the documentation should be updated, sure, that's easy to do. >> >> David: I know you aren't a fan of this patch, but

Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-14 Thread Eric W. Biederman
Kees Cook writes: > The patch would not break it -- it defaults the sysctl to staying enabled. > > If you mean the documentation should be updated, sure, that's easy to do. > > David: I know you aren't a fan of this patch, but I'd like to try to > convince you. :) This leaves the feature enabled

Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-07 Thread H. Peter Anvin
On 02/07/2013 10:44 AM, Kees Cook wrote: >> >> This patch probably also breaks TCP STUNT that is used by some applications >> for NAT >> traversal. > > The patch would not break it -- it defaults the sysctl to staying enabled. > > If you mean the documentation should be updated, sure, that's

Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-07 Thread David Miller
From: Kees Cook Date: Thu, 7 Feb 2013 10:44:02 -0800 > David: I know you aren't a fan of this patch, but I'd like to try to > convince you. :) This leaves the feature enabled and adds a toggle for > systems (like Chrome OS) that don't want to risk this DoS at all. > There are so very many other

Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-07 Thread Kees Cook
On Thu, Feb 7, 2013 at 10:39 AM, Stephen Hemminger wrote: > On Thu, 7 Feb 2013 09:52:40 -0800 > Kees Cook wrote: > >> This is based on Willy Tarreau's patch from 2008[1]. The goal is to >> close a corner-case of TCP that isn't used and poses a small DoS risk. >> For systems that do not want to

Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-07 Thread Stephen Hemminger
On Thu, 7 Feb 2013 09:52:40 -0800 Kees Cook wrote: > This is based on Willy Tarreau's patch from 2008[1]. The goal is to > close a corner-case of TCP that isn't used and poses a small DoS risk. > For systems that do not want to take any risk at all, this is a desirable > configuration knob. > >

Re: [PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-07 Thread David Miller
Sorry I'm not applying this. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

[PATCH] tcp: sysctl to disable TCP simultaneous connect

2013-02-07 Thread Kees Cook
This is based on Willy Tarreau's patch from 2008[1]. The goal is to close a corner-case of TCP that isn't used and poses a small DoS risk. For systems that do not want to take any risk at all, this is a desirable configuration knob. It is possible for two clients to connect with crossed SYNs
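The crossed-SYN case the patch description refers to, shown as an added example that is not part of the thread, the patch or the kernel: a small userspace model of TCP connection establishment (RFC 793, section 3.4) with a flag standing in for the proposed sysctl. It runs the ordinary three-way handshake and the simultaneous open side by side, and shows that only the latter depends on the knob. All names (tcb, seg, allow_simultaneous_connect, the scenario functions) are hypothetical, and the model simply discards a crossed SYN when the knob is off; what the real patch does with that segment is an assumption, not something this page shows.

```c
/* Added example, not code from the patch or the kernel: a userspace model of
 * TCP connection establishment (RFC 793, section 3.4) with a flag standing in
 * for the proposed sysctl. Names are hypothetical; discarding a crossed SYN
 * when the knob is off is an assumption about the patch, not taken from it. */
#include <stdbool.h>
#include <stdio.h>

enum tcp_state { CLOSED, LISTEN, SYN_SENT, SYN_RECEIVED, ESTABLISHED, RESET };
enum { F_SYN = 1, F_ACK = 2, F_RST = 4 };

struct seg { int flags; };                 /* only the control bits matter here */
struct tcb {
    enum tcp_state state;
    struct seg out;                        /* reply to hand to the peer; 0 = none */
};

/* Hypothetical stand-in for the sysctl under discussion (default: enabled). */
static bool allow_simultaneous_connect = true;

static void active_open(struct tcb *t)  { t->state = SYN_SENT; t->out.flags = F_SYN; }
static void passive_open(struct tcb *t) { t->state = LISTEN;   t->out.flags = 0; }

/* Deliver one segment to t and compute its reply (RFC 793 event processing). */
static void tcp_input(struct tcb *t, struct seg in)
{
    t->out.flags = 0;
    if (in.flags & F_RST) { t->state = RESET; return; }
    switch (t->state) {
    case CLOSED:                           /* bound but not listening: refuse */
        t->out.flags = F_RST;
        break;
    case LISTEN:
        if (in.flags == F_SYN) { t->state = SYN_RECEIVED; t->out.flags = F_SYN | F_ACK; }
        break;
    case SYN_SENT:
        if (in.flags == (F_SYN | F_ACK)) {            /* ordinary three-way handshake */
            t->state = ESTABLISHED; t->out.flags = F_ACK;
        } else if (in.flags == F_SYN) {               /* crossed SYNs: simultaneous open */
            if (allow_simultaneous_connect) {
                t->state = SYN_RECEIVED; t->out.flags = F_SYN | F_ACK;
            }
            /* else: knob off, the SYN is dropped and we stay in SYN_SENT; a real
             * peer would retransmit its SYN until it gives up (not modelled). */
        }
        break;
    case SYN_RECEIVED:
        if (in.flags & F_ACK) t->state = ESTABLISHED;  /* ACK or SYN|ACK completes it */
        break;
    default:
        break;
    }
}

/* Deliver queued segments in order until neither side has anything to send. */
static void run(struct tcb *a, struct tcb *b)
{
    struct { struct tcb *dst; struct seg s; } q[16];
    int head = 0, tail = 0;
    if (a->out.flags) { q[tail].dst = b; q[tail++].s = a->out; }
    if (b->out.flags) { q[tail].dst = a; q[tail++].s = b->out; }
    while (head < tail && tail < 16) {
        struct tcb *dst = q[head].dst;
        tcp_input(dst, q[head].s);
        head++;
        if (dst->out.flags) { q[tail].dst = (dst == a) ? b : a; q[tail++].s = dst->out; }
    }
}

static bool both_established(const struct tcb *a, const struct tcb *b)
{
    return a->state == ESTABLISHED && b->state == ESTABLISHED;
}

/* Client connects to a listening server: never touches the knob. */
bool normal_handshake(bool knob)
{
    struct tcb c = { CLOSED, {0} }, s = { CLOSED, {0} };
    allow_simultaneous_connect = knob;
    passive_open(&s);
    active_open(&c);
    run(&c, &s);
    return both_established(&c, &s);
}

/* Both peers call connect() at once, with both SYNs in flight (the case NAT
 * traversal schemes rely on): succeeds only while the knob is on. */
bool simultaneous_open(bool knob)
{
    struct tcb a = { CLOSED, {0} }, b = { CLOSED, {0} };
    allow_simultaneous_connect = knob;
    active_open(&a);
    active_open(&b);
    run(&a, &b);
    return both_established(&a, &b);
}

/* One SYN arrives before the other side has opened: refused with RST, so
 * crossed SYNs only work when both are in flight at the same time. */
bool late_open(void)
{
    struct tcb a = { CLOSED, {0} }, b = { CLOSED, {0} };
    active_open(&a);
    run(&a, &b);                           /* b is still CLOSED: replies RST */
    return a.state == RESET;
}

int main(void)
{
    printf("normal handshake, knob on/off:  %d %d\n", normal_handshake(true), normal_handshake(false));
    printf("simultaneous open, knob on/off: %d %d\n", simultaneous_open(true), simultaneous_open(false));
    printf("late open refused by RST:       %d\n", late_open());
    return 0;
}
```

The late_open() scenario is also why this cannot be reproduced with two sockets on a single loopback interface: the first SYN is processed before the second connect() is issued, and a bound but unconnected port answers with RST, so a real test needs either two hosts or an artificial delay on the path.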
