From owner-freebsd-bugs Tue Oct 24 22:40: 6 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id AC7BB37B479 for ; Tue, 24 Oct 2000 22:40:02 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id WAA65931; Tue, 24 Oct 2000 22:40:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Date: Tue, 24 Oct 2000 22:40:02 -0700 (PDT) Message-Id: <200010250540.WAA65931@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Robin Melville Subject: Re: bin/22238: User PPP "deny_incoming" option does not deny incoming connections Reply-To: Robin Melville Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR bin/22238; it has been noted by GNATS. From: Robin Melville To: Ruslan Ermilov Cc: FreeBSD-gnats-submit@FreeBSD.ORG, security-officer@.highwire.local Subject: Re: bin/22238: User PPP "deny_incoming" option does not deny incoming connections Date: Wed, 25 Oct 2000 06:30:44 +0100 At 6:33 pm +0300 23/10/00, Ruslan Ermilov wrote: >We had the discussion recently with Brian Somers on this topic. >Hopefully, we will come up with a solution shortly. Given that this situation has serious security implications for users of this feature, isn't there a case to be made for at least a FreeBSD security advisory. Or, since this code is shared across several platforms, a CERT advisory? It's a little alarming that this is a known problem but users have not been warned. Best wishes, Robin. -- ---------------------------------------------------------------------- Robin Melville, Addiction Information Services Nottingham Alcohol & Drug Team work: robmel@nadt.org.uk http://www.nadt.org.uk/ home: robmel@innotts.co.uk http://www.innotts.co.uk/~robmel ---------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message