Date: Mon, 30 Apr 2007 21:15:42 +0200 From: Michael Nottebrock <lofi@freebsd.org> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6 Message-ID: <200704302115.49754.lofi@freebsd.org> In-Reply-To: <20070429052519.GB99449@svzserv.kemerovo.su> References: <200704262349.l3QNnmro085350@freefall.freebsd.org> <4633BDE9.7080103@yahoo.com> <20070429052519.GB99449@svzserv.kemerovo.su>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart3660441.g4SKycOeRV Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Sunday, 29. April 2007, Eugene Grosbein wrote: > On Sat, Apr 28, 2007 at 05:34:33PM -0400, Peter Thoenen wrote: > > Umm maybe its just but I fail to see why this is a security advisory > > (initially caught this on the OBSD list). You are following the RFC .. > > if you don't like "evil" packets, then drop them at the firewall or > > router layer ... don't see the need for an OS fix. > > Design flow in the RFC still may be security vulnerability, doesn't it? The last "fix" for a IPv6 design flaw contributed by OpenBSD (disable=20 IPv4-mapped IPv6 addresses by default) caused rather unpleasant side-effect= s=20 in a number of applications. Will this change have similar effects? I've=20 gathered by now that in OpenBSD there is little concern for such things. =2D-=20 ,_, | Michael Nottebrock | lofi@freebsd.org (/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org \u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org --nextPart3660441.g4SKycOeRV Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQBGNkBfXhc68WspdLARAno7AJ4pkybUoYLRxAcTiH0K4KuOIkR0SwCfUHtS oJaRPPqw1CRvahVwvUUG+YA= =nSFo -----END PGP SIGNATURE----- --nextPart3660441.g4SKycOeRV--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200704302115.49754.lofi>