[ovs-dev] [PATCH RFC] SECURITY: New document describing proposed security process for OVS.
Thomas Graf
tgraf at noironetworks.com
Fri Jan 2 23:22:27 UTC 2015
On 01/02/15 at 03:01pm, Ben Pfaff wrote:
> On Fri, Jan 02, 2015 at 11:53:26PM +0100, Thomas Graf wrote:
> > Looks great. Do we want to include a couple of examples of what
> > would classify as a vulnerability?
>
> Sure. Some that come randomly to mind:
>
> * A crafted packet that causes a kernel or userspace crash.
>
> * A flow translation bug that misforwards traffic in a way
> likely to hop over security boundaries.
>
> * An OpenFlow protocol bug that allows a controller to read
> arbitrary files from the file system.
>
> * Misuse of the OpenSSL library that allows bypassing
> certificate checks.
* A bug (memory corruption, overflow, ...) that allows to
illegally modify the behaviour of OVS through external
configuration interfaces such as OVSDB.
* Privileged information is exposed to unprivileged users.
More information about the dev
mailing list