In a message written on Fri, Mar 01, 2002 at 03:56:23AM -0800, Luigi Rizzo wrote:
> ok, these three drivers behave as follows:
>
> "ed" pads with whatever is left in the transmit buffer from
> earlier transmissions;
> "vr" pads with whatever is available in the mbuf after the actual data;
I point out both of these are security risks. Granted, fairly
minor, but they allow someone to get all/part of a previous packet's
data, when they should have it. This sort of thing has been used
as an attack vector before. I think fixing these to pad with some
generated (0's, 1's, /dev/random, whatever) should be a top priority.
--
Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - [EMAIL PROTECTED], www.tmbg.org
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
