Date: Sun, 19 Sep 2004 02:45:44 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: stheg olloydson <stheg_olloydson@yahoo.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Random source ports in FreeBSD?
Message-ID: <20040919023634.I11704@odysseus.silby.com>
In-Reply-To: <20040918222428.97931.qmail@web53902.mail.yahoo.com>
References: <20040918222428.97931.qmail@web53902.mail.yahoo.com>

On Sat, 18 Sep 2004, stheg olloydson wrote:

> Hello,
>
> I don't think Mr Gerun has a problem with the way port randomizing is
> implemented. I believe that because he couldn't find any information
> about FBSD doing port randomization, he thought it wasn't implemented
> at all, so he wrote some patches to enable it.
> I missed this bit in the Release Notes myself. Thanks for the effort! I
> do have a question, though. I don't understand the commit procedure, so
> I have always been a little perplexed by some of the nomenclature in
> the CVS log. For example, entries 1.143-1.46 are to Branch: Main, while
> 1.59.2.27.2.1 is to Branch: RELENG_4_10 and 1.5.2.28 is to Branch:
> RELENG_4. What exactly is Branch: Main? Is it RELENG_5? If so, does that
> mean your changes are not in RELENG_5_2?
>
> Regards,
>
> Stheg

Branch Main is -CURRENT; right now that means it's 6.0, but back when I did the commit, it was 5.2-CURRENT, and RELENG_5 did not yet exist. You are correct that port randomization was not merged into the releng_5_2 branch. Your other deductions are correct, AFAIK.

To take this a bit more back on-topic, port randomization was not merged into the security branches because we don't consider RST attacks to be a threat to most users. Once we have finalized fixes for the RST and SYN vectors of the attack, we'll merge those changes, but only to 5-stable and 4-stable.

(If you feel that those changes should be merged to the security branches, please tell me AFTER the fixes go in, not now - I don't need the distraction.)

Mike "Silby" Silbersack