Matthias May <matthias....@neratec.com> writes:

> While unfortunate that the actual patch which got merged didn't have the
> explanation why the patch was done, if you look at the mailing list archive
> you will see that there was a thread discussing this topic:
> http://lists.infradead.org/pipermail/lede-dev/2017-September/009004.html

This fails to discuss the reason that TTL restriction was there in the
first place, as well as any security implications of the change.

Please see
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6520
https://www.kb.cert.org/vuls/id/550620
and more.  This is a well known can of worms.

As said before: You should discuss such issues with your proposed
patches.  Not doing so gives the impression that you either

 a) don't understand the implications, or
 b) don't care about security

I hope neither is true.  Please reassure me by fixing this up.


Bjørn

_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
