On 9/21/21 10:14 AM, Leonard Crestez wrote:
> This is mainly intended to protect against local privilege escalations through a rarely used feature so it is deliberately not namespaced.
> Enforcement is only at the setsockopt level; this should be enough to ensure that the tcp_authopt_needed static key never turns on.
> No effort is made to handle disabling when the feature is already in use.

MD5 does not require a sysctl to use it, so why should this auth mechanism?