bugzilla-daemon at bugzilla.mindrot.org
2009-Sep-01 11:29 UTC
[Bug 1644] New: Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

           Summary: Allow ip options except source routing
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: jchadima at redhat.com

--- Comment #0 from jchadima at redhat.com 2009-09-01 21:29:14 EST ---
Do not fail on all IP options, only on source-routing

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2009-Sep-01 11:30 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

--- Comment #1 from jchadima at redhat.com 2009-09-01 21:30:51 EST ---
Created an attachment (id=1691)
Patch solving the problem
bugzilla-daemon at bugzilla.mindrot.org
2009-Sep-01 12:16 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #2 from Darren Tucker <dtucker at zip.com.au> 2009-09-01 22:16:53 EST ---
Exactly what "problem" are you trying to solve here?

On the patch itself: it does not seem to correctly handle NOP (option 1) and I suspect you could slip a source route past it with just {NOP, LSR, ...}.
bugzilla-daemon at bugzilla.mindrot.org
2009-Sep-01 13:36 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Tomas Mraz <t8m at centrum.cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1691|0                           |1
        is obsolete|                            |

--- Comment #3 from Tomas Mraz <t8m at centrum.cz> 2009-09-01 23:36:34 EST ---
Created an attachment (id=1693)
Fixed patch

The increment is not right for the other options either - the value in the length octet includes the two bytes for type and length octets. The attached patch should be right.

The patch is necessary for allowing connections over CIPSO labelled networking to sshd.
bugzilla-daemon at bugzilla.mindrot.org
2009-Sep-02 00:03 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

--- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2009-09-02 10:03:54 EST ---
(In reply to comment #3)
> Created an attachment (id=1693) [details]
[...]
> The patch is necessary for allowing connections over CIPSO labelled
> networking to sshd.

That's not true, it's far broader than that. It allows all options, present and future (other than source route) regardless of the security implications.

Also, I was curious about the origin of this patch, and it seems the original author was Paul Moore at HP. Is this the case? Who are the original authors of the rest of the patches recently submitted?

http://cvs.fedoraproject.org/viewvc/rpms/openssh/F-8/openssh-4.3p2-allow-ip-opts.patch?view=co
bugzilla-daemon at bugzilla.mindrot.org
2009-Sep-02 04:58 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

jchadima at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jchadima at redhat.com

--- Comment #5 from jchadima at redhat.com 2009-09-02 14:58:15 EST ---
>
> Also, I was curious about the origin of this patch, and it seems the
> original author was Paul Moore at HP. Is this the case? Who are the
> original authors of the rest of the patches recently submitted?
>

Yes, this patch originates from Paul Moore @HP. The rest is by Red Hat people: Nalin Dahyabhai, Steve Grubb, Dan Walsh, Tomas Mraz and Jan F. Chadima and maybe others.
bugzilla-daemon at bugzilla.mindrot.org
2009-Oct-22 23:54 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1626

--- Comment #6 from Darren Tucker <dtucker at zip.com.au> 2009-10-23 10:54:39 EST ---
If we're going to do this we should whitelist known safe options instead, and we should handle IP4 and IP6 connections consistently. I'll take a look at this for 5.4.
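
An added example (not from this thread, the attached patches, or OpenSSH itself): a C walker over an IPv4 options buffer that applies the two parsing points from comments #2 and #3 (NOP is a single octet; the length octet counts the type and length octets) together with the allow-list approach from comment #6. The function names and the allow-list contents (CIPSO only) are assumptions made for illustration.

```c
#include <stddef.h>

/* IPv4 option type octets (IANA-assigned values). */
#define OPT_EOL   0    /* end of option list, single octet */
#define OPT_NOP   1    /* no-operation padding, single octet */
#define OPT_LSRR  131  /* loose source route */
#define OPT_CIPSO 134  /* CIPSO label (labelled networking) */
#define OPT_SSRR  137  /* strict source route */

/* Illustrative allow-list (assumption): CIPSO is the only permitted
 * multi-octet option; LSRR, SSRR and unknown options are refused. */
static int opt_allowed(unsigned char type)
{
    return type == OPT_CIPSO;
}

/*
 * Walk a buffer holding the options area of an IPv4 header.
 * Returns 0 if every option is allow-listed, -1 if any option is
 * disallowed or the encoding is malformed.
 */
int check_ip_opts(const unsigned char *opts, size_t len)
{
    size_t i = 0;

    while (i < len) {
        unsigned char type = opts[i];

        if (type == OPT_EOL)
            return 0;           /* list ends here */
        if (type == OPT_NOP) {
            i++;                /* single octet: there is no length field */
            continue;
        }
        /* Every other option is laid out as type, length, data. */
        if (i + 1 >= len)
            return -1;          /* truncated: length octet missing */
        unsigned char optlen = opts[i + 1];
        /* The length value includes the type and length octets. */
        if (optlen < 2 || optlen > len - i)
            return -1;
        if (!opt_allowed(type))
            return -1;
        i += optlen;            /* advance by the full option, not optlen + 2 */
    }
    return 0;
}
```

A walker that reads a length octet after NOP would take the LSRR type value as a length and step past the end of the buffer without ever inspecting the source route, which is the case comment #2 describes.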
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-29 00:13 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|1626                        |
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-29 00:13 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1708
bugzilla-daemon at bugzilla.mindrot.org
2010-Aug-03 05:40 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
We are freezing for the OpenSSH 5.6 release. Retargeting these bugs to the next release.
bugzilla-daemon at bugzilla.mindrot.org
2010-Aug-03 05:42 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1803

--- Comment #8 from Damien Miller <djm at mindrot.org> ---
Targeting OpenSSH 5.7
bugzilla-daemon at bugzilla.mindrot.org
2010-Aug-03 05:44 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Blocks|1708                        |
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-24 01:30 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|1803                        |

--- Comment #9 from Damien Miller <djm at mindrot.org> 2011-01-24 12:30:49 EST ---
Retarget unclosed bugs from 5.7=>5.8
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-24 01:31 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1845
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:34 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1930

--- Comment #10 from Damien Miller <djm at mindrot.org> 2011-09-06 10:34:17 EST ---
Retarget unresolved bugs/features to 6.0 release
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:36 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

--- Comment #11 from Damien Miller <djm at mindrot.org> 2011-09-06 10:36:30 EST ---
Retarget unresolved bugs/features to 6.0 release
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:39 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|1845                        |

--- Comment #12 from Damien Miller <djm at mindrot.org> 2011-09-06 10:39:04 EST ---
Retarget unresolved bugs/features to 6.0 release (try again - bugzilla's "change several" isn't)
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-25 05:29 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Jan F. Chadima <jfch at jagda.eu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jfch at jagda.eu
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-23 23:34 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1986

--- Comment #13 from Damien Miller <djm at mindrot.org> 2012-02-24 10:34:26 EST ---
Retarget from 6.0 to 6.1
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-23 23:38 UTC
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|1930                        |

--- Comment #14 from Damien Miller <djm at mindrot.org> 2012-02-24 10:38:05 EST ---
Retarget 6.0 => 6.1