From owner-freebsd-security  Wed Aug  2 14:21:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6])
	by hub.freebsd.org (Postfix) with ESMTP id CD4C837BB13
	for <security@FreeBSD.ORG>; Wed,  2 Aug 2000 14:21:28 -0700 (PDT)
	(envelope-from billf@jade.chc-chimes.com)
Received: by jade.chc-chimes.com (Postfix, from userid 1001)
	id 8236F1C70; Wed,  2 Aug 2000 17:21:27 -0400 (EDT)
Date: Wed, 2 Aug 2000 17:21:27 -0400
From: Bill Fumerola <billf@chimesnet.com>
To: Darren Reed <avalon@coombs.anu.edu.au>
Cc: Mike Silbersack <silby@silby.com>, security@FreeBSD.ORG
Subject: Re: Ip packet filtering with bridging on freebsd (fwd)
Message-ID: <20000802172127.E58109@jade.chc-chimes.com>
References: <Pine.BSF.4.21.0008011932420.36719-100000@achilles.silby.com> <200008020236.MAA23561@cairo.anu.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <200008020236.MAA23561@cairo.anu.edu.au>; from avalon@coombs.anu.edu.au on Wed, Aug 02, 2000 at 12:36:30PM +1000
X-Operating-System: FreeBSD 3.3-STABLE i386
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Aug 02, 2000 at 12:36:30PM +1000, Darren Reed wrote:

> But not the time.  I mentioned here what needs to be done, how come nobody
> else has done it ?  Maybe because a PR hasn't been lodged ? :)

Because you mentioned it all of 48 hours ago or so.

> > So why did you take the script-kiddie route and mail bugtraq before any
> > hint of a patch appeared?
> 
> Given the latest flamage from my commits, I don't have time to make and
> test the required changes even so far as compiling goes so that should
> be enough to rule me doing it out.
> 
> It's also not my balliwhack (that section of the code) so I'm not eager
> to step on someone else's toes...

Code that compiles doesn't seem to be your balliwhack either. I'm actually
rather suprised that someone didn't just backout your recent batch entirely.

> btw, don't whinge about it being posted to bugtraq - the patch is not that
> hard and I already spelt out here what needs doing.  Just copy the OpenBSD
> code.

I hope the next time an ipfilter issue comes up whoever finds it is more
courteous then you.

I'm trying to be very non-biased and trying to live in a world where both
ipfw and ipfilter exist on FreeBSD. I'm even trying to make ipfw better,
and I was even going to look at the bridging code after you made mention of
that. Just being an asshole and making broad statements on bugtraq without
even an attempt to mail security-officer@freebsd.org or give everyone time
to check their mail before you mail bugtraq is just unacceptable.

-- 
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
                billf@chimesnet.com / billf@FreeBSD.org


PS. maybe it's not even the kernels job to make sanity checks before handing
off to the ipfw/ipfilter. What if ipfw/ipfilter wants to look at the original
packet?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message