Date: Fri, 02 May 2014 11:16:51 -0400 From: Lowell Gilbert <freebsd-security-local@be-well.ilk.org> To: "Ronald F. Guilmette" <rfg@tristatelogic.com> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp Message-ID: <44d2fwcisc.fsf@be-well.ilk.org> In-Reply-To: <96385.1398973109@server1.tristatelogic.com> (Ronald F. Guilmette's message of "Thu, 01 May 2014 12:38:29 -0700") References: <96385.1398973109@server1.tristatelogic.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Ronald F. Guilmette" <rfg@tristatelogic.com> writes: > I also have a question.... > > If one manages a system where (a) all local user accounts are completely > and 100% trustworthy and where (b) one has in place ipfw rules which reject > all incoming packet *fragments* on all outward-facing interfaces, then is > this security problem (relating to the reassembly queue) an issue at all > for said system? Or is it rather a non-event in such contexts? That should keep you safe, but it will break some legitimate connections, not to mention MTU discovery.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44d2fwcisc.fsf>