From: Max Laier
Organization: FreeBSD
To: "Dmitry Pryanishnikov"
Cc: cvs-src@freebsd.org, src-committers@freebsd.org, "Christian S.J. Peron", cvs-all@freebsd.org
Date: Sun, 19 Aug 2007 18:18:51 +0200
Subject: Re: FreeBSD Mail Archives
Message-Id: <200708191819.10716.max@love2party.net>

On Sunday 19 August 2007, Dmitry Pryanishnikov wrote:
> Hello!
>
> > Date: Sat, 4 Aug 2007 20:35:42 +0000 (UTC)
> > From: "Christian S.J. Peron"
> > To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
> > cvs-all@FreeBSD.org
> > Subject: cvs commit: src/sbin/ipfw ipfw.8
> > Message-ID: <200708042035.l74KZg6K061244@repoman.freebsd.org>
> >
> > csjp 2007-08-04 20:35:42 UTC
> >
> > FreeBSD src repository
> >
> > Modified files:
> > sbin/ipfw ipfw.8
> > Log:
> > Remove references to mpsafenet. This option no longer exists.
>
> I think this commit may create a false feeling that using ipfw features
> such as gid, jail, uid and dummynet for IPv6 are now available for
> general use. However, I don't see commit messages for the locking fixes
> which would make these options safe. If I don't miss anything here,
> removal of the debug.mpsafenet makes all these ipfw uses always
> dangerous, so this fact should be mentioned in the BUGS section of the
> manpage (until someone actually fixes those uses).

As discussed before the removal of mpsafenet, the LOR reported for uid,
gid and jail rules is a false positive! There is no danger (of deadlock)
from using these rules.

I'd still discourage the use of these options as they don't always do what
people expect. The right solution is a MAC-based filter in the socket
layer. Although it does !sometimes! make sense to drop/accept packets
early. Esp. with protocols like ftp or sip it can be helpful, but one
should still be aware of the implications.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News