* [PATCH 1/1] Change ping_group_range default to what Android's init script sets.
@ 2017-10-31  3:39 Rob Landley
  2017-10-31  8:27 ` David Miller
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Rob Landley @ 2017-10-31  3:39 UTC (permalink / raw)
  To: linux-kernel, davem, kuznet, ebiederm, xiyou.wangcong, yoshfuji, segoon

From: Rob Landley <rob@landley.net>

See message from the Android "native tools and libraries team" lead
(I.E. the maintainer of bionic, adb, toolbox, etc) at
http://lists.landley.net/pipermail/toybox-landley.net/2017-July/009103.html

Signed-off-by: Rob Landley <rob@landley.net>
---

 net/ipv4/af_inet.c |    8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index e31108e..5b39a96 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1712,12 +1712,8 @@ static __net_init int inet_init_net(struct net *net)
 	net->ipv4.ip_local_ports.range[1] =  60999;
 
 	seqlock_init(&net->ipv4.ping_group_range.lock);
-	/*
-	 * Sane defaults - nobody may create ping sockets.
-	 * Boot scripts should set this to distro-specific group.
-	 */
-	net->ipv4.ping_group_range.range[0] = make_kgid(&init_user_ns, 1);
-	net->ipv4.ping_group_range.range[1] = make_kgid(&init_user_ns, 0);
+	net->ipv4.ping_group_range.range[0] = make_kgid(&init_user_ns, 0);
+	net->ipv4.ping_group_range.range[1] = make_kgid(&init_user_ns, 2147483647);
 
 	/* Default values for sysctl-controlled parameters.
 	 * We set them here, in case sysctl is not compiled.
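
Review bot: The new range[0]/range[1] assignments carry no comment, although they invert the default that the deleted comment documented: the old pair (low 1, high 0) is an empty range, and the new pair 0..2147483647 covers every group. Please add a comment above the two added lines stating that all groups may create ping sockets by default, and put the reasoning for that choice in the commit message itself rather than behind the external link.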


* Re: [PATCH 1/1] Change ping_group_range default to what Android's init script sets.
  2017-10-31  3:39 [PATCH 1/1] Change ping_group_range default to what Android's init script sets Rob Landley
@ 2017-10-31  8:27 ` David Miller
  2017-10-31 17:10 ` Randy Dunlap
  2017-10-31 18:44 ` Eric W. Biederman
  2 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2017-10-31  8:27 UTC (permalink / raw)
  To: rob; +Cc: linux-kernel, kuznet, ebiederm, xiyou.wangcong, yoshfuji, segoon


Please CC: netdev@vger.kernel.org for all networking patches.  Asking
questions on lkml about networking issues is unlikely to obtain a
response.

Also, instead of giving an external reference to a web site discussion,
you must explain _in painful detail_ in your commit message the
reasons for making this change.  Just "Android does it this way" is
not an acceptable reason.

People should be able to read the commit message and completely
understand why a change was made.

Thanks.


* Re: [PATCH 1/1] Change ping_group_range default to what Android's init script sets.
  2017-10-31  3:39 [PATCH 1/1] Change ping_group_range default to what Android's init script sets Rob Landley
  2017-10-31  8:27 ` David Miller
@ 2017-10-31 17:10 ` Randy Dunlap
  2017-10-31 18:44 ` Eric W. Biederman
  2 siblings, 0 replies; 4+ messages in thread
From: Randy Dunlap @ 2017-10-31 17:10 UTC (permalink / raw)
  To: Rob Landley, linux-kernel, davem, kuznet, ebiederm,
	xiyou.wangcong, yoshfuji, segoon

On 10/30/2017 08:39 PM, Rob Landley wrote:
> From: Rob Landley <rob@landley.net>
> 
> See message from the Android "native tools and libraries team" lead
> (I.E. the maintainer of bionic, adb, toolbox, etc) at
> http://lists.landley.net/pipermail/toybox-landley.net/2017-July/009103.html
> 
> Signed-off-by: Rob Landley <rob@landley.net>
> ---
> 
>  net/ipv4/af_inet.c |    8 ++------
>  1 file changed, 2 insertions(+), 6 deletions(-)
> 
> diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
> index e31108e..5b39a96 100644
> --- a/net/ipv4/af_inet.c
> +++ b/net/ipv4/af_inet.c
> @@ -1712,12 +1712,8 @@ static __net_init int inet_init_net(struct net *net)
>  	net->ipv4.ip_local_ports.range[1] =  60999;
>  
>  	seqlock_init(&net->ipv4.ping_group_range.lock);
> -	/*
> -	 * Sane defaults - nobody may create ping sockets.
> -	 * Boot scripts should set this to distro-specific group.
> -	 */
> -	net->ipv4.ping_group_range.range[0] = make_kgid(&init_user_ns, 1);
> -	net->ipv4.ping_group_range.range[1] = make_kgid(&init_user_ns, 0);
> +	net->ipv4.ping_group_range.range[0] = make_kgid(&init_user_ns, 0);
> +	net->ipv4.ping_group_range.range[1] = make_kgid(&init_user_ns, 2147483647);

It would help me to know that that magic number is 0x7fffffff.

>  	/* Default values for sysctl-controlled parameters.
>  	 * We set them here, in case sysctl is not compiled.
> 
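
Review bot: The upper bound on the added range[1] line is a bare decimal literal, 2147483647, which does not read as a limit at a glance. Writing it as 0x7fffffff or as a named constant such as INT_MAX, with a short comment saying it is meant as "all groups", would make the intent clear to the next reader.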


-- 
~Randy


* Re: [PATCH 1/1] Change ping_group_range default to what Android's init script sets.
  2017-10-31  3:39 [PATCH 1/1] Change ping_group_range default to what Android's init script sets Rob Landley
  2017-10-31  8:27 ` David Miller
  2017-10-31 17:10 ` Randy Dunlap
@ 2017-10-31 18:44 ` Eric W. Biederman
  2 siblings, 0 replies; 4+ messages in thread
From: Eric W. Biederman @ 2017-10-31 18:44 UTC (permalink / raw)
  To: Rob Landley
  Cc: linux-kernel, davem, kuznet, xiyou.wangcong, yoshfuji, segoon, netdev

Rob Landley <rob@landley.net> writes:

> From: Rob Landley <rob@landley.net>
>
> See message from the Android "native tools and libraries team" lead
> (I.E. the maintainer of bionic, adb, toolbox, etc) at
> http://lists.landley.net/pipermail/toybox-landley.net/2017-July/009103.html

Sigh.  The list has no https access so it is unreachable here, and even
if it were I would not be able to verify that was not some spoofed
or someone was not hacking the contents of the list archive in flight.

As for the patch itself going from no group is allowed to create ping sockets by
default to everyone may create ping sockets by default seems potentially
dangerous.

Why in the world would this be safe?
Why would this be wise?

Eric


> Signed-off-by: Rob Landley <rob@landley.net>
> ---
>
>  net/ipv4/af_inet.c |    8 ++------
>  1 file changed, 2 insertions(+), 6 deletions(-)
>
> diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
> index e31108e..5b39a96 100644
> --- a/net/ipv4/af_inet.c
> +++ b/net/ipv4/af_inet.c
> @@ -1712,12 +1712,8 @@ static __net_init int inet_init_net(struct net *net)
>  	net->ipv4.ip_local_ports.range[1] =  60999;
>  
>  	seqlock_init(&net->ipv4.ping_group_range.lock);
> -	/*
> -	 * Sane defaults - nobody may create ping sockets.
> -	 * Boot scripts should set this to distro-specific group.
> -	 */
> -	net->ipv4.ping_group_range.range[0] = make_kgid(&init_user_ns, 1);
> -	net->ipv4.ping_group_range.range[1] = make_kgid(&init_user_ns, 0);
> +	net->ipv4.ping_group_range.range[0] = make_kgid(&init_user_ns, 0);
> +	net->ipv4.ping_group_range.range[1] = make_kgid(&init_user_ns, 2147483647);
>  
>  	/* Default values for sysctl-controlled parameters.
>  	 * We set them here, in case sysctl is not compiled.
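
Review bot: Both added lines sit in inet_init_net(), which is marked __net_init and takes a struct net *, so the 0..2147483647 range becomes the starting value for each network namespace this function initialises, not only for the one a boot script would adjust. If that scope is intended, the commit message should say so; otherwise consider keeping the empty range here and leaving the widening to the init script, as the deleted comment suggested.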
