| Commit message (Collapse) | Author | Age | Files | Lines |
resolved: limit the number of signature validations in a transaction
According to RFC9267, the 2500 value is not helpful, and in fact it can
be harmful to permit a large number of iterations. Combined with limits
on the number of signature validations, I expect this will mitigate the
impact of maliciously crafted domains designed to cause excessive
cryptographic work.
It has been demonstrated that tolerating an unbounded number of dnssec
signature validations is a bad idea. It is easy for a maliciously
crafted DNS reply to contain as many keytag collisions as desired,
causing us to iterate every dnskey and signature combination in vain.
The solution is to impose a maximum number of validations we will
tolerate. While collisions are not hard to craft, I still expect they
are unlikely in the wild so it should be safe to pick fairly small
values.
Here two limits are imposed: one on the maximum number of invalid
signatures encountered per rrset, and another on the total number of
validations performed per transaction.
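The iteration the message describes, with both caps applied, as an added example rather than systemd's or resolved's own code: the key tag is computed the way RFC 4034 Appendix B specifies, verify() is a stand-in that always fails (the attacker's bogus-signature case), the DNSKEY/RRSIG records are constructed inline, and the limit values and names (Transaction, crypto_work, ValidationBudgetExceeded) are this example's assumptions.

```python
"""Bounded DNSSEC signature validation: an added illustration (not systemd's
code) of the per-rrset and per-transaction limits described above."""
from dataclasses import dataclass


def rfc4034_key_tag(rdata: bytes) -> int:
    """Key tag as defined in RFC 4034 Appendix B: a 16-bit checksum over the
    DNSKEY RDATA (flags, protocol, algorithm, public key)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


@dataclass(frozen=True)
class DNSKEY:
    rdata: bytes

    @property
    def key_tag(self) -> int:
        return rfc4034_key_tag(self.rdata)


@dataclass(frozen=True)
class RRSIG:
    key_tag: int
    signature: bytes


class ValidationBudgetExceeded(Exception):
    """Raised when a per-rrset or per-transaction limit is hit."""


@dataclass
class Transaction:
    max_validations: int      # assumed limit: total signature checks per transaction
    validations: int = 0


def colliding_dnskeys(n: int) -> list[DNSKEY]:
    """Constructed sample input: n distinct DNSKEYs that share one key tag.
    The tag is an arithmetic sum, so adding i to one odd-indexed byte and
    subtracting i from another leaves it unchanged (n <= 128 here)."""
    base = b"\x01\x01\x03\x08" + bytes([0x80] * 32)  # flags=257, proto=3, alg=8, toy key
    keys = []
    for i in range(n):
        r = bytearray(base)
        r[5] += i
        r[7] -= i
        keys.append(DNSKEY(bytes(r)))
    return keys


def verify(sig: RRSIG, key: DNSKEY, rrset_data: bytes) -> bool:
    """Stand-in for the expensive public-key check. The constructed
    signatures are bogus, so it always fails, which is the attack scenario."""
    return False


def validate_rrset(rrset_data: bytes, rrsigs: list[RRSIG], dnskeys: list[DNSKEY],
                   tx: Transaction, max_invalid_per_rrset: int) -> bool:
    """Try every RRSIG against every candidate DNSKEY. Without a limit the
    number of verify() calls is (#sigs x #keys with a matching tag)."""
    invalid = 0
    for sig in rrsigs:
        for key in dnskeys:
            if key.key_tag != sig.key_tag:
                continue  # the cheap pre-filter that tag collisions defeat
            if tx.validations >= tx.max_validations:
                raise ValidationBudgetExceeded("per-transaction limit reached")
            tx.validations += 1
            if verify(sig, key, rrset_data):
                return True
            invalid += 1
            if invalid >= max_invalid_per_rrset:
                raise ValidationBudgetExceeded("per-rrset invalid-signature limit reached")
    return False


def crypto_work(n_keys: int, n_sigs: int, max_invalid: int, max_tx: int) -> tuple[int, bool]:
    """Return (verify() calls performed, whether a limit cut the work short)."""
    keys = colliding_dnskeys(n_keys)
    sigs = [RRSIG(keys[0].key_tag, bytes([i])) for i in range(n_sigs)]
    tx = Transaction(max_validations=max_tx)
    try:
        validate_rrset(b"example. IN A 192.0.2.1", sigs, keys, tx, max_invalid)
        return tx.validations, False
    except ValidationBudgetExceeded:
        return tx.validations, True


if __name__ == "__main__":
    print(crypto_work(64, 64, max_invalid=10**9, max_tx=10**9))  # (4096, False): every pair tried
    print(crypto_work(64, 64, max_invalid=16, max_tx=10**9))     # (16, True): per-rrset cap
    print(crypto_work(64, 64, max_invalid=10**9, max_tx=32))     # (32, True): per-transaction cap
```

The unbounded run shows the quadratic blow-up a single reply can force; either cap alone bounds the work, and the per-transaction cap is what stops an attacker from spreading the cost over many rrsets in one answer.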
Fixes #31485.
These settings are related to sd-ndisc and the Neighbor Discovery protocol.
Let's use a more suitable name.
GIT_VERSION isn't actually available so use VERSION_TAG instead which
is available.
network/varlink: several trivial cleanups
sd-ndisc,sd-radv: several trivial cleanups
|
| | | |
| | | |
| | | |
| | | | |
Then, let's not modify the global object.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- split out radv_setup_recv_event(),
- slightly update log messages,
- use DIV_ROUND_UP(),
- use structured initializer more.
No functional change, just preparation for later commits.
- update several log messages,
- use event_reset_time_relative(),
- split out ndisc_setup_recv_event() and ndisc_setup_timer().
No functional change, just refactoring and preparation for later commits.
icmp6_bind()
No functional change, just refactoring.
Previously, the function supported packets without an IPv6 sender address
for unit tests. However, now unit tests use their own version of
icmp6_receive(). Hence, let's make the check stricter.
No functional change. Preparation for supporting Neighbor Advertisement
message.
|
| | | |
| | | |
| | | |
| | | | |
As we call ndisc_drop_outdated() with USEC_INFINITY on stop.
systemctl: generalize GetUnitByPIDFD handling
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Follow-up for e0e7bc8223c3f28fcb48db9f0f003d9f03ca46d7
This allows us to pin the process locally when GetUnitByPIDFD
is not available, just like what we have been doing for
'systemctl whoami'. Also, fix looking up remote pid.
We can't use pidfd for those.
Skip using pidfds if we get a permission denied error.
This can happen with an old policy and a new kernel that uses the
new pidfs filesystem to back pidfds, instead of anonymous inodes,
as the existing policy denies access.
This is already the case for most uses of pidfd_open, like pidref,
but not on these two. Fix them.
Add support for the following device:
- ID 0fd9:0084 Elgato Systems GmbH Stream Deck Plus
With meson build --werror --buildtype=plain -Dc_args=" -O2" the build fails:
../src/boot/efi/stub.c: In function ‘load_addons.constprop’:
../src/boot/efi/stub.c:475:40: error: using a dangling pointer to ‘p’ [-Werror=dangling-pointer=]
475 | dt_bases[n_dt] = xmemdup((uint8_t*)loaded_addon->ImageBase + addrs[UNIFIED_SECTION_DTB],
| ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
476 | dt_sizes[n_dt]);
| ~~~~~~~~~~~~~~~
In file included from ../src/boot/efi/stub.c:20:
../src/boot/efi/util.h:33:15: note: ‘p’ declared here
33 | void *p;
| ^
De-inline the function and initialize p to make gcc happy.
vmspawn: disable all TPM PCR banks, except for SHA256
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
By default swtpm runs with four banks: SHA1, SHA256, SHA384, SHA512.
This means all data that is part of the boot will be hashed four times,
which slows everything down.
Let's restrict things to SHA256 only, which is the one that really
matters. SHA1 is not up to today's standards anyway, and no one really
consumes the other two, hence there is no point in enabling them.
To disable the banks we need to call swtpm_setup with --pcr-banks. Do
so.
I am a bit surprised this compiled at all...
In uid0/systemd-run/nspawn we already set a window title with a colorful
unicode dot indicating the changed privileges/execution context. This typically
gets overridden by the shell inside the environment however.
Let's tweak this a bit: when we see the window title OSC ANSI sequence
passing through, let's patch in the unicode dot as a prefix to the
title.
This is super pretty, since it makes sure root sessions via 0ad are
really easily recognizable as such, because the window title carries a
🔴 red dot as prefix then.
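The rewriting the message describes, as an added example and not systemd's own code: a small filter that sits on the bytes flowing from the inner pty to the outer terminal, recognizes the title-setting OSC sequences (OSC 0 and OSC 2, terminated by BEL or by ESC \), and prepends the dot. The class name, the buffering cap and the handling of sequences split across two reads are this example's assumptions; the sample byte strings in the usage are constructed.

```python
"""Rewriting window-title OSC sequences in a pty passthrough stream (added
example, not systemd's code)."""
import re

# OSC 0 (icon name + window title) and OSC 2 (window title), terminated by
# BEL or by the 7-bit String Terminator ESC \ . The title may not contain
# either terminator, which also keeps the regex from running past a cut-off.
_OSC_TITLE = re.compile(rb"\x1b\](?P<ps>[02]);(?P<title>[^\x07\x1b]*)(?P<st>\x07|\x1b\\)")
_MAX_HOLD = 4096  # assumed cap on how much of an unterminated OSC we buffer


class TitlePrefixer:
    """Feed raw bytes flowing from the inner pty to the outer terminal; every
    title-setting OSC that passes through comes back with the prefix prepended."""

    def __init__(self, prefix: str = "🔴 ") -> None:
        self.prefix = prefix.encode("utf-8")
        self._pending = b""  # tail of the previous chunk that may be a cut-off OSC

    def feed(self, chunk: bytes) -> bytes:
        data = self._pending + chunk
        out = bytearray()
        pos = 0
        for m in _OSC_TITLE.finditer(data):
            out += data[pos:m.start()]
            title = m.group("title")
            if not title.startswith(self.prefix):  # do not stack dots on re-sets
                title = self.prefix + title
            out += b"\x1b]" + m.group("ps") + b";" + title + m.group("st")
            pos = m.end()
        rest = data[pos:]
        cut = self._unfinished_at(rest)
        out += rest[:cut]
        self._pending = rest[cut:]   # hold back until the terminator arrives
        return bytes(out)

    @staticmethod
    def _unfinished_at(rest: bytes) -> int:
        """Index where a possibly incomplete escape sequence starts, or len(rest)
        if everything can be forwarded as-is."""
        idx = rest.rfind(b"\x1b]")
        if idx != -1 and len(rest) - idx < _MAX_HOLD:
            tail = rest[idx:]
            if b"\x07" not in tail and b"\x1b\\" not in tail:
                return idx
        if rest.endswith(b"\x1b"):  # lone ESC: the next byte decides what it is
            return len(rest) - 1
        return len(rest)

    def flush(self) -> bytes:
        """On EOF, release whatever was held back, unmodified."""
        pending, self._pending = self._pending, b""
        return pending


if __name__ == "__main__":
    p = TitlePrefixer()
    # Constructed sample: a shell setting its title, once whole and once split
    # across two reads exactly as a pty can deliver it.
    print(p.feed(b"\x1b]0;bash\x07"))
    print(p.feed(b"hello \x1b]2;ro"))
    print(p.feed(b"ot@host\x1b\\ $ "))
    print(p.flush())
```

Sequences other than OSC 0/2 (for example OSC 8 hyperlinks) are forwarded untouched, and a title that already carries the prefix is left alone so repeated prompt redraws do not accumulate dots.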
Detect virtualization on RISC-V
SMBIOS support in QEMU for RISC-V is merged upstream.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
args list
Restore docs urls
|
| | | | |
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 5e8ff010a1436d33bbf3c108335af6e0b4ff7a2a.
This broke all the URLs, we can't have that. (And actually, we probably don't
_want_ to make the change either. It's nicer to have all the pages in one
directory, so one doesn't have to figure out to which collection the page
belongs.)
sd-stub: drop any support for TPM 1.2
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
TPM 1.2 is obsolete, and doesn't really provide many security guarantees
given it's built around SHA1, which is not up to today's standards.
The rest of systemd's TPM codebase never supported TPM 1.2, hence let's
drop this partial support in sd-stub too. It has created problems after
all (sd-stub reported the measurements and userspace assumed these were
for TPM2), without bringing any benefits (given that the measurements we
make are not consumed by us anyway, unlike those for TPM 2.0).
Let's cut off this old support.