Re: Is ndo_do_ioctl still acceptable?

From: Jason A. Donenfeld
Date: Thu Nov 12 2015 - 17:19:15 EST

On Thu, Nov 12, 2015 at 9:30 PM, Austin S Hemmelgarn
<ahferroin7@xxxxxxxxx> wrote:
> On the other hand, based on what you are saying about your device, it sounds
> like you are working on some kind of cryptographically secured (either
> authenticated or encrypted or both) tunnel, in which case the fact that
> security is easier to handle with netlink than ioctls becomes important. If
> you can't ensure security of the endpoint configuration, you can't ensure
> security of the tunnel itself.

Could you substantiate these claims that "security is easier to handle
with netlink". I've never heard this and I don't know why it'd be the
case. Are you referring to the fact that the copy_to/from_user dance
of ioctl opens up more potential vulnerabilities than netlink's
abstracted validation? Or something else? Just confused here...
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at