Date: Fri, 30 Jan 2015 01:20:56 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: jungle Boogie <jungleboogie0@gmail.com> Cc: freebsd-security@freebsd.org, Nick Frampton <nick.frampton@akips.com> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:02.kmem Message-ID: <20150130011402.P36378@sola.nimnet.asn.au> In-Reply-To: <CAKE2PDsC8dvx23H5DZ_b90F7PmPr3LB8kyw68SbuHgF4Hb%2BnkA@mail.gmail.com> References: <mailman.92.1422446402.71362.freebsd-security@freebsd.org> <20150128194011.2175B19F@hub.freebsd.org> <20150128211910.80082283DA18@rock.dv.isc.org> <54C966BF.9000803@rewt.org.uk> <54C9837C.8090704@akips.com> <CAKE2PDsC8dvx23H5DZ_b90F7PmPr3LB8kyw68SbuHgF4Hb%2BnkA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 28 Jan 2015 17:01:50 -0800, jungle Boogie wrote: > Hi Nick, > On Jan 28, 2015 4:56 PM, "Nick Frampton" <nick.frampton@akips.com> wrote: > > > > On 29/01/15 08:46, Joe Holden wrote: > >> > >> Really, how many SCTP users are there om the wild... maybe one? > >> > >> It shouldn't be in GENERIC at the very least! > > > > > > We use Netflow over SCTP in our network monitoring product, so it would > be a pain to have to build a custom kernel. > > But also a pain to have an exploit when it could be prevented. Are you vulnerable to an SCTP exploit if you're not using SCTP? > Its all about trade offs, right? I seem to recall similar resistance to including IPv6 into GENERIC .. It _would_ be good to know more about who's using SCTP, and for what usage cases it has tangible benefits over TCP, but I guess not here. cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150130011402.P36378>