Re: [PATCH 08/19] tcp: authopt: Disable via sysctl by default
From: David Ahern
Date: Fri Sep 24 2021 - 21:57:33 EST
On 9/21/21 10:14 AM, Leonard Crestez wrote:
> This is mainly intended to protect against local privilege escalations
> through a rarely used feature so it is deliberately not namespaced.
>
> Enforcement is only at the setsockopt level, this should be enough to
> ensure that the tcp_authopt_needed static key never turns on.
>
> No effort is made to handle disabling when the feature is already in
> use.
>
MD5 does not require a sysctl to use it, so why should this auth mechanism?