Brace yourselves, more netfilter bugs are coming! https://github.com/google/syzkaller/blob/master/sys/linux/socket_netlink_netfilter_nftables.txt … Bets on number of bugs in the first week
Now, turns out there is also "netfilter tables API": https://github.com/google/syzkaller/blob/master/sys/linux/socket_netlink_netfilter_nftables.txt … which reimplements all of the same with another set of expressions, objects, containers, registers, control flow, etc _and_ also includes all of the legacy "xtables" recursively: https://github.com/google/syzkaller/blob/master/sys/linux/socket_netlink_netfilter_nftables.txt#L400-L412 …
nf_tables_api.c (just a subpart) is 8K lines of complex stateful C code: https://elixir.bootlin.com/linux/v5.5-rc6/source/net/netfilter/nf_tables_api.c … Wonder what amount of resources was put into testing all of this... Like really testing, not just on a few expected scenarios. All of this is open to any unpriv user and containers.