Bug#495232: [quagga-dev 6315] Re: Bug#495232: quagga 0.99.10: zebra ignores routes added via command line

2009-01-08 Thread Joakim Tjernlund
On Thu, 2009-01-08 at 18:38 +0100, Christian Hammers wrote:
 Hello
 
 On Tue, 6 Jan 2009 11:50:35 +0100
 Joakim Tjernlund joakim.tjernl...@transmode.se wrote:
 
   On Sun, 04 Jan 2009, Ben Hutchings b...@decadent.org.uk wrote:
   
   Stephen,
   
   Debian 5.0 lenny will release with quagga 0.99.10.  However we have
   a bug report that:
   
   I try to add routes with /sbin/ip e.g.
/sbin/ip ro add 62.116.121.19 dev br8
   
   strace suggests the resulting netlink message never reaches zebra.
   
   and the proposed fix to the netlink filter:
   
   --- zebra/rt_netlink.c2008-08-15 15:42:56.0 +0200
   +++ zebra/rt_netlink.c2008-08-15 15:43:19.0 +0200
   @@ -1971,7 +1971,7 @@
/* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
 sizeof(struct nlmsghdr) + offsetof(struct rtmsg, 
   rtm_protocol)),
/* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
   -/* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
   +/* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
/*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
/*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, 
   nlmsg_type)),
/*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
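Review bot: the new `3, 0` offsets on instruction 9 can only be confirmed against instructions 13 and 14, which lie outside this hunk's context, so these lines alone do not show which target drops the message and which passes it. What the visible lines do show is consistent. With `3, 0`, RTPROT_KERNEL lands on instruction 13, the same target instruction 8 reaches for RTPROT_REDIRECT with `4, 0`, and every other protocol falls through to the RTPROT_ZEBRA test at 10. With the old `0, 1`, only RTPROT_KERNEL reached instruction 10, where a comparison against RTPROT_ZEBRA could never match. Suggest a comment above the filter stating the intended predicate and naming the drop and pass targets, so the hand-counted relative offsets can be checked without counting instructions.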
   --- END ---
   
   This looks correct to me.  Please can you confirm?
   
   Ben.
  
  Don't know, but the current Quagga has something rather different. Check
  http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=3d265b4d9d748bf4c92aefebc2ca0c04fd607945;hp=30a2231a4881f53deca61ef7a62b225a43dab4c5
  
   Jocke
 
 Hannes found a message from Paul Jakma where he fears that the PID-based
 solution from your git URL may reopen the security hole CVE-2003-0858:
   http://lists.quagga.net/pipermail/quagga-dev/2008-August/005740.html
 
 As the code has been committed, was it found to be OK? Or if not, is the
 above patch which just swaps the 3, 0 acceptable to close the bug
 in our Debian package?

I can't really say, Paul and/or Stephen will have to speak up I think.

 Jocke



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#495232: [quagga-dev 6315] Re: Bug#495232: quagga 0.99.10: zebra ignores routes added via command line

2009-01-06 Thread Joakim Tjernlund
 On Sun, 04 Jan 2009, Ben Hutchings b...@decadent.org.uk wrote:
 
 Stephen,
 
 Debian 5.0 lenny will release with quagga 0.99.10.  However we have
 a bug report that:
 
 I try to add routes with /sbin/ip e.g.
  /sbin/ip ro add 62.116.121.19 dev br8
 
 strace suggests the resulting netlink message never reaches zebra.
 
 and the proposed fix to the netlink filter:
 
 --- zebra/rt_netlink.c2008-08-15 15:42:56.0 +0200
 +++ zebra/rt_netlink.c2008-08-15 15:43:19.0 +0200
 @@ -1971,7 +1971,7 @@
  /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B,
   sizeof(struct nlmsghdr) + offsetof(struct rtmsg, 
 rtm_protocol)),
  /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0),
 -/* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1),
 +/* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0),
  /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3),
  /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, 
 nlmsg_type)),
  /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1),
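Review bot: instruction 9, like 8 and 10, builds its opcode as `BPF_JMP+ BPF_B`, and BPF_B is a load-size flag, not a jump condition; it behaves as an equality test only because BPF_B and BPF_JEQ share the value 0x10. Since this line is being changed anyway, suggest writing it as `BPF_JMP|BPF_JEQ|BPF_K`, the form instruction 12 already uses, so the comparison is explicit and does not depend on that numeric coincidence.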
 --- END ---
 
 This looks correct to me.  Please can you confirm?
 
 Ben.

Don't know, but the current Quagga has something rather different. Check
http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=3d265b4d9d748bf4c92aefebc2ca0c04fd607945;hp=30a2231a4881f53deca61ef7a62b225a43dab4c5

 Jocke
