Date: Fri, 1 Mar 2002 13:41:23 -0500 From: Leo Bicknell <bicknell@ufp.org> To: Luigi Rizzo <rizzo@icir.org> Cc: Bob Bishop <rb@gid.co.uk>, "George V. Neville-Neil" <gnn@neville-neil.com>, Doug Ambrisko <ambrisko@ambrisko.com>, hackers@FreeBSD.ORG Subject: Re: Multicast problem with sis interface? Message-ID: <20020301184123.GA5908@ussenterprise.ufp.org> In-Reply-To: <20020301035623.A32974@iguana.icir.org> References: <200203010557.VAA1802420@meer.meer.net> <rb@gid.co.uk> <4.3.2.7.2.20020222165515.00c14850@gid.co.uk> <200203010557.VAA1802420@meer.meer.net> <4.3.2.7.2.20020301112956.00c5b550@gid.co.uk> <20020301035623.A32974@iguana.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In a message written on Fri, Mar 01, 2002 at 03:56:23AM -0800, Luigi Rizzo wrote:
> ok, these three drivers behave as follows:
>
> "ed" pads with whatever is left in the transmit buffer from
> earlier transmissions;
> "vr" pads with whatever is available in the mbuf after the actual data;
I point out both of these are security risks. Granted, fairly
minor, but they allow someone to get all/part of a previous packet's
data, when they should have it. This sort of thing has been used
as an attack vector before. I think fixing these to pad with some
generated (0's, 1's, /dev/random, whatever) should be a top priority.
--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020301184123.GA5908>