| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200802081243.52504.paul.moore@hp.com> Date: Fri, 8 Feb 2008 12:43:52 -0500 From: Paul Moore <paul.moore@...com> To: casey@...aufler-ca.com Cc: Andrew Morton <akpm@...ux-foundation.org>, davem@...emloft.net, jmorris@...ei.org, mingo@...e.hu, sds@...ho.nsa.gov, linux-kernel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: + smack-unlabeled-outgoing-ambient-packets.patch added to -mm tree > > > ------------------------------------------------------ > > > Subject: Smack: unlabeled outgoing ambient packets > > > From: Casey Schaufler <casey@...aufler-ca.com> > > > > > > Smack uses CIPSO labeling, but allows for unlabeled packets by > > > specifying an "ambient" label that is applied to incoming > > > unlabeled packets. Because the other end of the connection may > > > dislike IP options, and ssh is one know application that behaves > > > thus ... I forgot to mention this earlier, but RHEL/Fedora/Rawhide has a patched version of SSH (see RH bugzilla #202856 for the discussion/patch) that fixes the problem of IPv4 options causing SSH to reject the connection. It turns out that SSH is being a bit overzealous (rejecting all IPv4 options) in trying to reject source-routed packets. -- paul moore linux security @ hp -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists