Re: iptables with a linux bridge

2001-12-02 Thread Wichert Akkerman
Previously martin f krafft wrote:
> because it's filtering based on the IP information. bridges speak no
> IP.
It filters based on packet content that just happens to be IP information. Just like the u32 filter, except the syntax is easier. It still bridges.
Wichert. -- ___

Re: iptables with a linux bridge

2001-12-02 Thread martin f krafft
* Wichert Akkerman <[EMAIL PROTECTED]> [2001.12.02 22:30:02+0100]:
> Why is a filtering bridge no longer a bridge? It does not route, it
> does not change packets, it just selectively does not pass some on.
> A broken bridge maybe from a strict standpoint, but still a bridge.
because it's filterin

Re: iptables with a linux bridge

2001-12-02 Thread Wichert Akkerman
Previously martin f krafft wrote:
> oh my, everyone is misunderstanding my non-important, trivial point. i
> am not doubting that linux bridging and netfilter do interface, i am
> merely saying that such a fusion is not a bridge anymore.
Why is a filtering bridge no longer a bridge? It does not ro

Re: iptables with a linux bridge

2001-12-02 Thread martin f krafft
* Wichert Akkerman <[EMAIL PROTECTED]> [2001.12.02 12:59:38+0100]:
> Wrong :). Someone (forgot his name unfortunately) already implemented
> this. If you ask on the netfilter list they should be able to point
> you to the right patch.
oh my, everyone is misunderstanding my non-important, trivial p

Re: VI wrapper for SUDO? - another bad way ??

2001-12-02 Thread martin f krafft
* William R. Ward <[EMAIL PROTECTED]> [2001.11.29 18:00:40-0800]:
> Question: Is it generally considered secure enough to sudo a bash
> script like your sucpaliases? Or should a C equivalent be written
> instead?
no. especially not the quick'n'dirty version that alvin posted. i am not criticizing

Re: Where should I start from ?

2001-12-02 Thread Remco van de Meent
Wichert Akkerman wrote:
> Previously John DOE wrote:
> > PS : Thanks a lot for your help. I don't know how familiar you are
> > with cryptographic concepts but I already have the original sheets of
> > SSL from Netscape and SSL is not a bilateral entity authentication,
> > identification protocol y

Re: Security hole in Linux kernel itself? FW: [FreeBSD-users-jp 65877] Re: nslookup

2001-12-02 Thread Wichert Akkerman
Previously Howland, Curtis wrote:
> Excuse me if this is old hat, has anyone else heard of a vulnerability
> like this? It sounds strange.
The Linux kernel does not do separate caching for NFS as far as I know, and all caching is done in kernel space which you can not see from userspace (unless yo

Re: VI wrapper for SUDO?

2001-12-02 Thread Wichert Akkerman
Previously Ted Cabeen wrote:
> However, thinking about it, this doesn't work. If you're editing as root, you
> can use :e to switch to editing a SUID root file (any one you can write to
> will work), delete the entire contents, and then use :r to bring in the
> /bin/sh executable.
But you can re

Re: iptables with a linux bridge

2001-12-02 Thread Wichert Akkerman
Previously martin f krafft wrote:
> okay, this is an interesting point. however, all i was saying is that
> the linux bridging project is committing suicide (as the bridging
> project) as soon as they interface with netfilter or anything else
> that works with IP.
Wrong :). Someone (forgot his name

Re: Where should I start from ?

2001-12-02 Thread Wichert Akkerman
Previously John DOE wrote:
> PS : Thanks a lot for your help. I don't know how familiar you are
> with cryptographic concepts but I already have the original sheets of
> SSL from Netscape and SSL is not a bilateral entity authentication,
> identification protocol you only know that the server at th
