Hello On Tue, 6 Jan 2009 11:50:35 +0100 "Joakim Tjernlund" <joakim.tjernl...@transmode.se> wrote:
> > On Sun, 04 Jan 2009, Ben Hutchings <b...@decadent.org.uk> wrote: > > > > Stephen, > > > > Debian 5.0 "lenny" will release with quagga 0.99.10. However we have > > a bug report that: > > > > "I try to add routes with "/sbin/ip" e.g. > > /sbin/ip ro add 62.116.121.19 dev br8 > > > > strace suggests the resulting netlink message never reaches zebra." > > > > and the proposed fix to the netlink filter: > > > > --- zebra/rt_netlink.c 2008-08-15 15:42:56.000000000 +0200 > > +++ zebra/rt_netlink.c 2008-08-15 15:43:19.000000000 +0200 > > @@ -1971,7 +1971,7 @@ > > /* 7*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_B, > > sizeof(struct nlmsghdr) + offsetof(struct rtmsg, > > rtm_protocol)), > > /* 8*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_REDIRECT, 4, 0), > > - /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 0, 1), > > + /* 9*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_KERNEL, 3, 0), > > /*10*/ BPF_JUMP(BPF_JMP+ BPF_B, RTPROT_ZEBRA, 0, 3), > > /*11*/ BPF_STMT(BPF_LD|BPF_ABS|BPF_H, offsetof(struct nlmsghdr, > > nlmsg_type)), > > /*12*/ BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, htons(RTM_NEWROUTE), 0, 1), > > --- END --- > > > > This looks correct to me. Please can you confirm? > > > > Ben. > > Don't know , but the current Quagga has something rather different. Check > http://code.quagga.net/cgi-bin/gitweb.cgi?p=quagga.git;a=commitdiff;h=3d265b4d9d748bf4c92aefebc2ca0c04fd607945;hp=30a2231a4881f53dec > a61ef7a62b225a43dab4c5 > > Jocke Hannes found a message from Paul Jakma where he fears that the PID-based solution from your git URL may reopen the security hole CVE-2003-0858 : http://lists.quagga.net/pipermail/quagga-dev/2008-August/005740.html As the code has been committet, was it found to be OK? Or if not, is the above patch which just swaps the "3, 0" acceptable to close the bug in our Debian package? bye, -christian- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
