Re: MPPE in kernel?

Paul Mackerras (paulus@samba.org)
Mon, 12 May 2003 23:07:20 +1000


Frank Cusack writes:

> I have the compressor return a 3-valued return code (<0, 0, >0) instead of
> two-valued (>0, other). A negative value tells ppp_generic to drop the
> packet. 0 means the same as it does now--the compressor failed for some
> reason. (All current compressors always return 0 or >0, so the negative
> return is compatible.)
>
> 0 could also mean that CCP isn't up yet, but pppd userland doesn't allow
> NCP's to come up until CCP completes (iff trying to negotiate MPPE).

Hmmm, and are you sure that nothing can cause CCP to go down? If it
does then ppp_generic will send data uncompressed. What would happen
if an attacker managed to insert a CCP terminate-request into the
receive stream somehow?

I think the whole thing needs a careful audit. The idea that you fall
back to sending and receiving uncompressed data if CCP goes down or a
compressor fails is pretty fundamental to the CCP implementation in
ppp_generic.

Paul.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/