Date: 29 Nov 2002 00:01:42 +0300 From: "Vladimir B. " Grebenschikov <vova@sw.ru> To: Luigi Rizzo <luigi@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sbin/ipfw ipfw2.c Message-ID: <1038517300.749.10.camel@vbook> In-Reply-To: <20021128123857.A70108@xorpc.icir.org> References: <200211261958.gAQJwCal000509@repoman.freebsd.org> <1038477062.764.83.camel@vbook> <20021128123857.A70108@xorpc.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
=F7 Thu, 28.11.2002, =D7 23:38, Luigi Rizzo =CE=C1=D0=C9=D3=C1=CC: > On Thu, Nov 28, 2002 at 12:51:03PM +0300, Vladimir B. Grebenschikov wrot= e: > ... > > So, one can abuse kernel by invalid ipfw instruction sequence, may be > > kernel should check this while add rule ? >=20 > yes the kernel it should check, i will try to add the (trivial) > check code soon. > On the other hand this can only happen as root, and there is > a simpler way to panic a system: >=20 > cat /dev/zero > /dev/mem >=20 > so i guess this is not more dangerous. Of course root have a lot of ways to panic system. But I think it is better to detect miss-configuration instead of panic if it is possible. > cheers > luigi --=20 Vladimir B. Grebenschikov <vova@sw.ru> SWsoft Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1038517300.749.10.camel>