Hal Murray via devel <devel@ntpsec.org>:
>
> > We could kill the interface command, and let the usual syntax error happen.
> > Or we could raise a special syntax error, calling out the need to use the
> > packet filter instead. Then the question becomes, is it a
> > warn-and-continue,
> > or a error-and-halt?
>
> Error and halt. (or set a flag to halt after the rest of the parsing)
>
> This is a security issue. We don't want to let evil packets in.
I concur. If we're going to drop this command it should fail loudly and hard.
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
