On Thu, 2009-01-08 at 18:38 +0100, Christian Hammers wrote:
> Hello
> 
> On Tue, 6 Jan 2009 11:50:35 +0100
> "Joakim Tjernlund" <joakim.tjernl...@transmode.se> wrote:
> 
> > > On Sun, 04 Jan 2009, Ben Hutchings <b...@decadent.org.uk> wrote:
> > > 
> > > Stephen,
> > > 
> > > Debian 5.0 "lenny" will release with quagga 0.99.10.  However we have
> > > a bug report that:
> > > 
> > > "I try to add routes with "/sbin/ip" e.g.
> > >  /sbin/ip ro add 62.116.121.19 dev br8
> > > 
> > > strace suggests the resulting netlink message never reaches zebra."
> > > 
> > > and the proposed fix to the netlink filter:
> > > 
> > > --- zebra/rt_netlink.c    2008-08-15 15:42:56.000000000 +0200
> > > +++ zebra/rt_netlink.c    2008-08-15 15:43:19.000000000 +0200
> > > @@ -1971,7 +1971,7 @@
> > >      /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
> > >               sizeof(struct nlmsghdr) + offsetof(struct rtmsg, 
> > > rtm_protocol)),
> > >      /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
> > > -    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
> > > +    /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
> > >      /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
> > >      /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, 
> > > nlmsg_type)),
> > >      /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
> > > --- END ---
> > > 
> > > This looks correct to me.  Please can you confirm?
> > > 
> > > Ben.
> > 
> > Don't know , but the current Quagga has something rather different. Check
> > http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=3d265b4d9d748bf4c92aefebc2ca0c04fd607945;hp=30a2231a4881f53dec
> > a61ef7a62b225a43dab4c5
> > 
> >  Jocke
> 
> Hannes found a message from Paul Jakma where he fears that the PID-based
> solution from your git URL may reopen the security hole CVE-2003-0858 :
>   http://lists.quagga.net/pipermail/quagga-dev/2008-August/005740.html
> 
> As the code has been committet, was it found to be OK? Or if not, is the 
> above patch which just swaps the "3, 0" acceptable to close the bug
> in our Debian package?

I can't really say, Paul and/or Stephen will have to speak up I think.

     Jocke



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to