From: Paul Mackerras <paulus@samba.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <16063.40072.101121.244892@argo.ozlabs.ibm.com>
Date: Mon, 12 May 2003 23:07:20 +1000
To: Frank Cusack <fcusack@fcusack.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: MPPE in kernel?
In-Reply-To: <20030512060210.C29881@google.com>
References: <20030512045929.C29781@google.com>
	<16063.38221.73659.403481@argo.ozlabs.ibm.com>
	<20030512060210.C29881@google.com>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1202
Lines: 28

Frank Cusack writes:

> I have the compressor return a 3-valued return code (<0, 0, >0) instead of
> two-valued (>0, other).  A negative value tells ppp_generic to drop the
> packet.  0 means the same as it does now--the compressor failed for some
> reason.  (All current compressors always return 0 or >0, so the negative
> return is compatible.)
> 
> 0 could also mean that CCP isn't up yet, but pppd userland doesn't allow
> NCP's to come up until CCP completes (iff trying to negotiate MPPE).

Hmmm, and are you sure that nothing can cause CCP to go down?  If it
does then ppp_generic will send data uncompressed.  What would happen
if an attacker managed to insert a CCP terminate-request into the
receive stream somehow?

I think the whole thing needs a careful audit.  The idea that you fall
back to sending and receiving uncompressed data if CCP goes down or a
compressor fails is pretty fundamental to the CCP implementation in
ppp_generic.

Paul.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/