From owner-freebsd-security Sat May 12 22: 6:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from one.net (ip-216-23-48-192.adsl.one.net [216.23.48.192])
    by hub.freebsd.org (Postfix) with ESMTP id A33A937B424
    for ; Sat, 12 May 2001 22:06:25 -0700 (PDT)
    (envelope-from cokane@one.net)
Received: (from cokane@localhost)
    by one.net (8.11.3/8.11.3) id f4D5MTv00633;
    Sun, 13 May 2001 01:22:29 -0400 (EDT)
    (envelope-from cokane)
Date: Sun, 13 May 2001 01:22:29 -0400
From: Coleman Kane
To: Dag-Erling Smorgrav
Cc: Retal , freebsd-security@FreeBSD.ORG
Subject: Re: Some Kernel options, sc is broken
Message-ID: <20010513012229.A561@cokane.yi.org>
References: <002601ba1df7$4da07940$b88f39d5@a>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: ; from des@ofug.org on Thu, May 10, 2001 at 11:09:06AM +0200
X-Vim: vim:tw=70:ts=4:sw=4
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Well, there is brokenness here. The sc driver no longer reads the
flags from the hints correctly. I realized this when my USB keyboard
would not attach to the console if it was probed after boot. I have
one of the early VIA 586 chips with a broken USB controller on it
(Windows uses the 'USB filter patch' to make it more reliable).
Basically, sometimes it returns an error on probe and has to be
unplugged and plugged back in until it works. Well, I can't set the
flag to allow the sc driver to constantly probe until it finds a kbd,
so I have to reboot remotely. I sent mail to the last committer and
haven't gotten a reply. I haven't had the time or I would have fixed
it myself.

Dag-Erling Smorgrav had the audacity to say:
> "Retal" writes:
> > options KBD_INSTALL_CDEV # install a CDEV entry in /dev
>
> This option has no (visible) effect unless you use a USB keyboard.
>
> > options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
>
> This option has no effect unless you set tcp_drop_synfin="YES" in
> /etc/rc.conf.
>
> > options TCP_RESTRICT_RST #restrict emission of TCP RST
>
> Don't. Use blackhole(4) instead.
>
> > options ICMP_BANDLIM
>
> This option has an easily demonstrable effect: try running 'nmap -sS'
> against your machine.
>
> > BTW: if I add TCP_DROP_SYNFIN, it should affect setup option in my
> > firewall? If it is, how?
>
> See the rc.conf(5) man page.
>
> DES
> --
> Dag-Erling Smorgrav - des@ofug.org
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
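
The quoted reply ties `options TCP_DROP_SYNFIN` to the `tcp_drop_synfin` knob in /etc/rc.conf and advises against `TCP_RESTRICT_RST`. The script below is an added example, not part of the original message or of FreeBSD: it cross-checks a kernel config file against rc.conf for those mismatches. The function names, finding keywords and sample files are constructed for illustration, and it assumes the kernel config syntax of the FreeBSD release current at the time of the thread.

```shell
#!/bin/sh
# Added example, not from the thread: cross-check a kernel config file
# against rc.conf for the TCP options discussed in the quoted reply.

# has_option FILE NAME: true if FILE has an uncommented "options NAME" line.
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|#|\$)" "$1"
}

# rc_enabled FILE VAR: true if the last assignment of VAR in FILE is YES.
rc_enabled() {
    val=$(sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([A-Za-z]*\).*/\1/p" "$1" | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# check_tcp_opts KERNCONF RCCONF: print one finding keyword per line.
check_tcp_opts() {
    if has_option "$1" TCP_DROP_SYNFIN; then
        # Compiled in, but inert until rc.conf turns it on.
        rc_enabled "$2" tcp_drop_synfin || echo "SYNFIN_COMPILED_BUT_OFF"
    else
        # rc.conf(5) notes that the knob needs the kernel option.
        if rc_enabled "$2" tcp_drop_synfin; then echo "SYNFIN_ON_BUT_NOT_COMPILED"; fi
    fi
    # The reply advises blackhole(4) instead of this option.
    if has_option "$1" TCP_RESTRICT_RST; then echo "RESTRICT_RST_PRESENT"; fi
    return 0
}

# demo: run the check on constructed sample files (not taken from the thread).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN' \
        'options TCP_RESTRICT_RST #restrict emission of TCP RST' \
        '#options ICMP_BANDLIM' > "$dir/KERNEL"
    printf '%s\n' 'sshd_enable="YES"' 'tcp_drop_synfin="NO"' > "$dir/rc.conf"
    check_tcp_opts "$dir/KERNEL" "$dir/rc.conf"
    rm -rf "$dir"
}

demo
```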