Thread (32 messages) 32 messages, 4 authors, 2021-09-25

Re: [PATCH 08/19] tcp: authopt: Disable via sysctl by default

From: David Ahern <hidden>
Date: 2021-09-25 01:57:31
Also in: linux-crypto, linux-kselftest, lkml

On 9/21/21 10:14 AM, Leonard Crestez wrote:
This is mainly intended to protect against local privilege escalations
through a rarely used feature so it is deliberately not namespaced.

Enforcement is only at the setsockopt level, this should be enough to
ensure that the tcp_authopt_needed static key never turns on.

No effort is made to handle disabling when the feature is already in
use.
MD5 does not require a sysctl to use it, so why should this auth mechanism?
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help