From owner-freebsd-stable Tue Apr 30 21:12:43 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by hub.freebsd.org (Postfix) with ESMTP id 4DF7237B419 for ; Tue, 30 Apr 2002 21:12:37 -0700 (PDT) Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.12.1/8.12.1) with ESMTP id g414CV6o119588; Wed, 1 May 2002 00:12:31 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20020430225620.D32402-200000@patrocles.silby.com> References: <20020430225620.D32402-200000@patrocles.silby.com> Date: Wed, 1 May 2002 00:12:30 -0400 To: Mike Silbersack , stable@FreeBSD.ORG From: Garance A Drosihn Subject: Re: Heads Up: Accept filters fixed Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 11:07 PM -0500 4/30/02, Mike Silbersack wrote: >Just a quick note for those of you using accept filters with >a 4.4+ kernel using the syncache: Your accept filters are >broken, and easily DoSable. > >The fix (attached) has now been committed to both 5.0 and 4.5, >so I recommend doing one of two things if you're using accept >filters: How seriously are they broken? Should this be MFC'ed into RELENG_4_5 ? (security-patches branch) -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message