[openib-general] Re: CM patch for 2.6.17 merge
Caitlin Bestler
caitlinb at broadcom.com
Tue Apr 4 14:42:27 PDT 2006
openib-general-bounces at openib.org wrote:
> Quoting r. Roland Dreier <rdreier at cisco.com>:
>> Subject: Re: CM patch for 2.6.17 merge
>>
>> Michael> The second is a security fix, it's a must.
>>
>> Not sure I understand this. What's the exploit?
>
> Connecting from userspace to an SDP socket. People expect
> sockets to be kernel-level.

To be fair, I do not think that users have a reasonable
expectation that merely because they are using a socket
that all traffic will be subject to kernel validation
and inspection.

But I do believe that most people assume that when they
connect a socket that the kernel will block them if the
connection is contrary to netfilter policies.