Re: [PATCH] Implement IP_EVIL socket option (RFC 3514)

From: Florian Weimer
Date: Thu Apr 05 2012 - 02:01:49 EST


* Al Viro:

> On Wed, Apr 04, 2012 at 09:17:00PM +0200, Florian Weimer wrote:
>> * Martin Lucina:
>>
>> > This patch implements the IP_EVIL socket option, allowing user-space
>> > applications to set the Security Flag in the IPv4 Header, aka "evil" bit,
>> > as defined in RFC 3514.
>>
>> I need this to fix a security issue. Could this be merged for real,
>> please?
>
> I would suggest switching away from your RFC1149 link - looks like your mail
> took 3 days on the way out...

Sorry, I saw it just now.

The idea is to change the JVM to set IP_EVIL when an applet creates a
socket, so that this socket cannot be used to trick firewalls into opening
up access to totally unrelated services.