OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: 2.8 ipfilter traceroute broken?
From: Nino Margetic (ninocng.fr)
Date: Mon Dec 18 2000 - 03:58:31 CST


> The IPF code that is in OpenBSD doesn't follow the latest version of
> IPF due to the auditing and cleanup that is part of OpenBSD (and I'm
> very satisfied about this!), so wouldn't there be some security issues
> to implementing a non-audited version of ipf?

*** If you are *really* paranoid, you can always read the proposed diffs
(which are not *that* complicated) and assure yourself. Otherwise it's
just a question of who do you trust anyway...

> Is 3.3.18 "it" for the duration of 2.8?
> Is there going to be a -STABLE upgrade to 3.3.20 when ready?

*** That would be nice. I can confirm that the aforementioned patch works
for me.

--Nino