From owner-freebsd-net@FreeBSD.ORG Fri Nov 21 15:58:43 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AAC8BCC9; Fri, 21 Nov 2014 15:58:43 +0000 (UTC) Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id 62ACA21C; Fri, 21 Nov 2014 15:58:43 +0000 (UTC) Received: from mx.elandsys.com (IDENT:logan@localhost [127.0.0.1]) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id sALFweOF008023 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 21 Nov 2014 07:58:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1416585521; x=1416671921; bh=GUTTJGAZaS3KWrR2LQmcTiY1Gvfb/C7LGwVwlD/eLnw=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=j8hEZBV8UvlULwgCiamh3qGNiLnoRTTEj6Mgng5zbiD1WYxUF5EzzDL56H5l8fk6U 4/RzUCxcZAiTkRE3HJpK5E9ERcjJImZD7cT4f7PlqCEIrbi6xNhiMu1CZMFhh49gN+ Pxf/tNbOZnnMt++ucoYkxnE7gU2BWHFu6zsefL/w= DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1416585521; x=1416671921; i=@elandsys.com; bh=GUTTJGAZaS3KWrR2LQmcTiY1Gvfb/C7LGwVwlD/eLnw=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=UEidzyoOco0RtOHoWObL3Eyvb2Qr5eKUZhcf2bVU9SgUoPv3Ux6YF6+vuBTnF0unc zCzAs1ifbwWPdcwt/URkaIfqVfWuj+gtd8UdBVYuw5V0Ksj3VMa+SOGE976ZI4Z9GV uzKw1FIWz80VBAMJfDyMRM2S+x36VScaG1Uq5tBM= Received: (from logan@localhost) by mx.elandsys.com (8.14.5/8.14.5/Submit) id sALFwd0Z016967; Fri, 21 Nov 2014 07:58:39 -0800 (PST) X-Authentication-Warning: mx.elandsys.com: logan set sender to logan@elandsys.com using -f Date: Fri, 21 Nov 2014 07:58:39 -0800 From: Loganaden Velvindron To: "Bjoern A. Zeeb" Subject: Re: VIMAGE + pf security fix? Message-ID: <20141121155839.GA15001@mx.elandsys.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Craig Rodrigues , FreeBSD Net , "freebsd-virtualization@freebsd.org" , freebsd-arch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2014 15:58:43 -0000 On Fri, Nov 21, 2014 at 10:52:05AM +0000, Bjoern A. Zeeb wrote: > > On 21 Nov 2014, at 08:06 , Craig Rodrigues wrote: > > > On Thu, Nov 20, 2014 at 10:07 AM, Craig Rodrigues > > wrote: > > > >> On Wed, Nov 19, 2014 at 6:05 AM, Bjoern A. Zeeb wrote: > >> > >>> > >>> For people to use pf with VIMAGE we first MUST have the security fix > >>> imported that I pointed out a couple of times in the past. > >>> > >> > >> At this link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3830 > >> > >> I see the security issue mentioned, but I can't find the patch that fixes > >> the problem. > >> Where is the patch? > >> > > > > I read this link: > > http://esec-lab.sogeti.com/post/2010/12/09/CVE-2010-3830-iOS-4.2.1-packet-filter-local-kernel-vulnerability > > > > and I think this is the fix: > > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_ioctl.c?rev=1.236&content-type=text/x-cvsweb-markup > > > > but I can?t even apply that patch to our pf_ioctl.c. > > to my best knowledge we have never pulled a fix for this in. The last ?sync? of pf was way before that vulnerability (unless I completely missed something). I'd be interested in helping to fix this, as I depend on this. > > ? > Bjoern A. Zeeb "Come on. Learn, goddamn it.", WarGames, 1983 > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >