Re: Is ndo_do_ioctl still acceptable?
From: Jason A. Donenfeld
Date: Thu Nov 12 2015 - 17:19:15 EST
On Thu, Nov 12, 2015 at 9:30 PM, Austin S Hemmelgarn
<ahferroin7@xxxxxxxxx> wrote:
>>
> On the other hand, based on what you are saying about your device, it sounds
> like you are working on some kind of cryptographically secured (either
> authenticated or encrypted or both) tunnel, in which case the fact that
> security is easier to handle with netlink than ioctls becomes important. If
> you can't ensure security of the endpoint configuration, you can't ensure
> security of the tunnel itself.
Could you substantiate these claims that "security is easier to handle
with netlink". I've never heard this and I don't know why it'd be the
case. Are you referring to the fact that the copy_to/from_user dance
of ioctl opens up more potential vulnerabilities than netlink's
abstracted validation? Or something else? Just confused here...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/