In message <20150128194011.2175B19F at hub.freebsd.org>, "Roger Marquis" writes:
> >> If SCTP is NOT compiled in the kernel, are you still vulnerable ?
> >
> > No -- we should have mentioned that too. For GENERIC kernel however
> > SCTP is compiled in.
>
> Should probably fix that too, in GENERIC, considering how little used this
> protocol is.

It is not used much because there is not critical mass and you want
to reduce what little there is out there? It is a good thing that
it is in GENERIC.

Mark

> Roger Marquis
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org

Really, how many SCTP users are there in the wild... maybe one? It shouldn't be in GENERIC at the very least!

On 28/01/2015 21:19, Mark Andrews wrote:
>
> In message <20150128194011.2175B19F at hub.freebsd.org>, "Roger Marquis" writes:
>>>> If SCTP is NOT compiled in the kernel, are you still vulnerable ?
>>>
>>> No -- we should have mentioned that too. For GENERIC kernel however
>>> SCTP is compiled in.
>>
>> Should probably fix that too, in GENERIC, considering how little used this
>> protocol is.
>
> It is not used much because there is not critical mass and you want
> to reduce what little there is out there? It is a good thing that
> it is in GENERIC.
>
> Mark
>
>> Roger Marquis

>> >> If SCTP is NOT compiled in the kernel, are you still vulnerable ?
>> >
>> > No -- we should have mentioned that too. For GENERIC kernel however
>> > SCTP is compiled in.
>>
>> Should probably fix that too, in GENERIC, considering how little used this
>> protocol is.
>
> It is not used much because there is not critical mass and you want
> to reduce what little there is out there? It is a good thing that
> it is in GENERIC.

While this isn't the place to enumerate the issues with SCTP (beyond the
recent advisories) I hope we're not putting anything in the GENERIC kernel
for advocacy purposes. Cannot the few who want to use it simply compile
their own kernel?

Roger