From owner-freebsd-security@FreeBSD.ORG  Tue May  1 00:27:06 2007
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id D9EB016A403
	for <freebsd-security@freebsd.org>;
	Tue,  1 May 2007 00:27:06 +0000 (UTC)
	(envelope-from lofi@freebsd.org)
Received: from mail-in-06.arcor-online.net (mail-in-06.arcor-online.net
	[151.189.21.46])
	by mx1.freebsd.org (Postfix) with ESMTP id 6083913C4B0
	for <freebsd-security@freebsd.org>;
	Tue,  1 May 2007 00:27:06 +0000 (UTC)
	(envelope-from lofi@freebsd.org)
Received: from mail-in-01-z2.arcor-online.net (mail-in-11-z2.arcor-online.net
	[151.189.8.28])
	by mail-in-06.arcor-online.net (Postfix) with ESMTP id 675BF31EE30
	for <freebsd-security@freebsd.org>;
	Mon, 30 Apr 2007 21:15:52 +0200 (CEST)
Received: from mail-in-04.arcor-online.net (mail-in-04.arcor-online.net
	[151.189.21.44])
	by mail-in-01-z2.arcor-online.net (Postfix) with ESMTP id 5ADE3346AC4
	for <freebsd-security@freebsd.org>;
	Mon, 30 Apr 2007 21:15:52 +0200 (CEST)
Received: from lofi.dyndns.org (dslb-084-062-203-060.pools.arcor-ip.net
	[84.62.203.60])
	by mail-in-04.arcor-online.net (Postfix) with ESMTP id 2841F1C72A8
	for <freebsd-security@freebsd.org>;
	Mon, 30 Apr 2007 21:15:52 +0200 (CEST)
Received: from kiste.my.domain (root@kiste.my.domain [192.168.8.2])
	by lofi.dyndns.org (8.13.8/8.13.3) with ESMTP id l3UJFpU0009001
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <freebsd-security@freebsd.org>;
	Mon, 30 Apr 2007 21:15:51 +0200 (CEST)
	(envelope-from lofi@freebsd.org)
Received: from kiste.my.domain (lofi@localhost [127.0.0.1])
	by kiste.my.domain (8.13.6/8.13.4) with ESMTP id l3UJFoa0066092
	for <freebsd-security@freebsd.org>;
	Mon, 30 Apr 2007 21:15:50 +0200 (CEST)
	(envelope-from lofi@freebsd.org)
Received: from localhost (localhost [[UNIX: localhost]])
	by kiste.my.domain (8.13.6/8.13.4/Submit) id l3UJFou9066082
	for freebsd-security@freebsd.org; Mon, 30 Apr 2007 21:15:50 +0200 (CEST)
	(envelope-from lofi@freebsd.org)
X-Authentication-Warning: kiste.my.domain: lofi set sender to lofi@freebsd.org
	using -f
From: Michael Nottebrock <lofi@freebsd.org>
To: freebsd-security@freebsd.org
Date: Mon, 30 Apr 2007 21:15:42 +0200
User-Agent: KMail/1.9.6
References: <200704262349.l3QNnmro085350@freefall.freebsd.org>
	<4633BDE9.7080103@yahoo.com>
	<20070429052519.GB99449@svzserv.kemerovo.su>
In-Reply-To: <20070429052519.GB99449@svzserv.kemerovo.su>
X-Face: g:jG2\O{-yqD1x?DG2lU1)(v%xffR"p8Nz(w/*)YEUO\Hn%mGi&-!+rq$&r64,=?utf-8?q?fuP=7E=3Bbw=5C=0A=09=5EQdX?=@v~HEAi?NaE8SU]}.oeYSjN84Fe{M(ahZ.(i+lxyP;
	pr)2[%mGbkY'RmM>=?utf-8?q?+mg3Y=24ip=0A=091?=@Z>[EUaE7tjJ=1DRs~:!uSd""d~:/Er3rpQA%ze|bp>S
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart3660441.g4SKycOeRV";
	protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200704302115.49754.lofi@freebsd.org>
X-Virus-Scanned: by amavisd-new
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2007 00:27:06 -0000

--nextPart3660441.g4SKycOeRV
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Sunday, 29. April 2007, Eugene Grosbein wrote:
> On Sat, Apr 28, 2007 at 05:34:33PM -0400, Peter Thoenen wrote:
> > Umm maybe its just but I fail to see why this is a security advisory
> > (initially caught this on the OBSD list).  You are following the RFC ..
> > if you don't like "evil" packets, then drop them at the firewall or
> > router layer ... don't see the need for an OS fix.
>
> Design flow in the RFC still may be security vulnerability, doesn't it?

The last "fix" for a IPv6 design flaw contributed by OpenBSD (disable=20
IPv4-mapped IPv6 addresses by default) caused rather unpleasant side-effect=
s=20
in a number of applications. Will this change have similar effects? I've=20
gathered by now that in OpenBSD there is little concern for such things.

=2D-=20
   ,_,   | Michael Nottebrock               | lofi@freebsd.org
 (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
   \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org

--nextPart3660441.g4SKycOeRV
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQBGNkBfXhc68WspdLARAno7AJ4pkybUoYLRxAcTiH0K4KuOIkR0SwCfUHtS
oJaRPPqw1CRvahVwvUUG+YA=
=nSFo
-----END PGP SIGNATURE-----

--nextPart3660441.g4SKycOeRV--