Date: Fri, 21 Nov 2014 10:52:05 +0000 From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: Craig Rodrigues <rodrigc@FreeBSD.org> Cc: FreeBSD Net <freebsd-net@freebsd.org>, "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>, freebsd-arch <freebsd-arch@freebsd.org> Subject: Re: VIMAGE + pf security fix? Message-ID: <D6419901-F61B-4599-B4AA-D3E64A79C690@FreeBSD.org> In-Reply-To: <CAG=rPVewFvRWhVAk-3_A8NS2_MbymsX1wBQbcbOfg6RgTfiw1w@mail.gmail.com> References: <CAG=rPVfRmoaGvcCnDdBSF6=NxEfi7=PhbQkncb6Z_WrRMZtjmQ@mail.gmail.com> <CAG=rPVewFvRWhVAk-3_A8NS2_MbymsX1wBQbcbOfg6RgTfiw1w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 21 Nov 2014, at 08:06 , Craig Rodrigues <rodrigc@FreeBSD.org> wrote: > On Thu, Nov 20, 2014 at 10:07 AM, Craig Rodrigues = <rodrigc@freebsd.org> > wrote: >=20 >> On Wed, Nov 19, 2014 at 6:05 AM, Bjoern A. Zeeb <bz@freebsd.org> = wrote: >>=20 >>>=20 >>> For people to use pf with VIMAGE we first MUST have the security fix >>> imported that I pointed out a couple of times in the past. >>>=20 >>=20 >> At this link: = http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2010-3830 >>=20 >> I see the security issue mentioned, but I can't find the patch that = fixes >> the problem. >> Where is the patch? >>=20 >=20 > I read this link: > = http://esec-lab.sogeti.com/post/2010/12/09/CVE-2010-3830-iOS-4.2.1-packet-= filter-local-kernel-vulnerability >=20 > and I think this is the fix: > = http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_ioctl.c?rev=3D1.23= 6&content-type=3Dtext/x-cvsweb-markup >=20 > but I can=92t even apply that patch to our pf_ioctl.c. to my best knowledge we have never pulled a fix for this in. The last = =93sync=94 of pf was way before that vulnerability (unless I completely = missed something). =97=20 Bjoern A. Zeeb "Come on. Learn, goddamn it.", WarGames, 1983
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D6419901-F61B-4599-B4AA-D3E64A79C690>