Date: Fri, 19 Aug 2005 22:49:07 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Mike Tancsa <mike@sentex.net> Cc: FreeBSD-current <freebsd-current@FreeBSD.org>, Maxim.Sobolev@portaone.com Subject: Re: VIA/ACE PadLock integration with crypto(9). Message-ID: <20050819204906.GA716@garage.freebsd.pl> In-Reply-To: <6.2.3.4.0.20050819111323.0845edd0@64.7.153.2> References: <20050812182032.GB27996@garage.freebsd.pl> <6.2.3.4.0.20050816145557.03314eb8@64.7.153.2> <20050817143804.GH11066@garage.freebsd.pl> <6.2.3.4.0.20050817225907.06f81c50@64.7.153.2> <20050818071648.GA16021@garage.freebsd.pl> <6.2.3.4.0.20050818043546.05558420@64.7.153.2> <20050818115734.GB16933@garage.freebsd.pl> <4304873F.1060008@portaone.com> <20050818162016.GC18375@garage.freebsd.pl> <6.2.3.4.0.20050819111323.0845edd0@64.7.153.2>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Aug 19, 2005 at 11:23:56AM -0400, Mike Tancsa wrote: +> At 12:20 PM 18/08/2005, Pawel Jakub Dawidek wrote: +> >+> +> >+> It probably worth a security advisory. +> >It's only a local DoS on systems with crypto HW and /dev/crypto. +> >Note that /dev/crypto is not needed for fast_ipsec(4) with HW +> >acceleration, nor for geli(8). +> >Workaround is also very simple: +> > # chmod 600 /dev/crypto +> +> FYI, +> I have been running with the patch on a RELENG_4 box and it prevents the DoS [...] +> Any chance to MFC it back to RELENG_4 ? Done. -- Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD4DBQFDBkXCForvXbEpPzQRAtfZAJdCeCCKmwe23yLES1y4mWQ4hHZKAKC3kFdI 0/KHNjaYNOjpMUbyIzCExg== =/YE6 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050819204906.GA716>