[email protected] wrote:
> I just saw
> https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/002_icmp6.patch.sig,
> however, it's unclear from the description and the context around the
> patch if this is a read after free or write after free (or both).
I think it is fair you can study the code yourself and make your own
factual determination.
> In the case of a write after free, would this change "Only two remote
> holes in the default install, in a heck of a long time!" to three? Or
> does it need more than IPv6 being configured?
First off, is ipv6 deployment really part of the default install? No,
not really it takes some effort to configure v6, it is not natural. It
is active on the loopback, but then that's not remote..
But there's a bigger assumption in your mail:
We've released the errata as security because it is possibly exploitable
or could cause a crash, and we have a rapid fix release process. It was
released without even seeing any evidence of a remote crash, nor any
evidence of a remote exploit. Incorrect code gets fixed, and if we
judge it important we release a fix to the public in expedited fashion,
and apparently get judged for doing so.
Now that the fix is released and deployed by most openbsd users, we
quickly become uncurious and head back to other work. The only
conversations related to this are asking how we can harden the mbuf
layer to avoid similar issues in the future.
I guess many other operating systems would wait weeks or months to
collect all the "facts" and make a fancy disclosure, but we shipped
source and binary fixes in just over 24 hours.
So, is it a remote crash? Possibly, but we'd like to see a packet
that causes it.
Next after that, is it a remote exploit?
I think it is fair to wait for facts.
I also think you are a troll.
