Contributed by grey on from the can't think of anything clever to write right now dept.
Handle an edge condition in tcp(4) timestamps.
A source code patch exists which remedies this problem; it may be found here for 3.6 and here for 3.5.
By Anthony Roberts (68.145.103.21) on
By Anonymous Coward (68.6.193.220) on
By Brian Camp (205.161.1.46) on
http://undeadly.org/cgi?action=article&sid=20050313234124&pid=41
Better not ask.
By Daniel Hartmeier (62.65.145.30) daniel@benzedrine.cx on http://www.benzedrine.cx/dhartmei.html
By Jim (69.182.45.193) on
I apologize for being an idiot... but what does this sentence mean? Are you saying that CERT will not tell you how problems could affect OpenBSD? Or are you saying that an agreement with CERT prevents you from saying how problems affect OpenBSD?
By tedu (69.227.45.201) on
By Chas (147.154.235.51) on
...that you were tipped off about this problem and fixed it, but other OS platforms on the internet have the same problem and you don't want to make life any harder for them.
However, when you dissemble regarding the risk and severity of a patch, it does strain our trust in you.
I am applying this patch, and I know that you have our interests at heart, but please try not to strain this trust in the future. I like buying your CDs and using your OS, and I don't want a reason to go elsewhere.
By Chris (24.76.170.207) on
By Chas (147.154.235.51) on
So tell me, taking OpenBSD into a corporate environment and explaining to an IT manager that you need to reboot for a kernel patch "because they said so" seems like an easy thing to do to you?
If Sun tried this, they would be burned at the stake. This is OpenBSD, so we let it slide.
Feel free to mod me down more if you like. It doesn't change a thing.
By Brad (204.101.180.70) brad at comstyle dot com on
By tedu (64.173.147.27) on
By Bert (68.50.4.145) on thrashbluegrass@antisocial.com
Sure, they'd be pilloried. And if you look at some of the other comments on the list, so is the OpenBSD team.
Microsoft, Red Hat, etc. certainly have a higher standard to be held to, precisely because they charge for support - if you've paid that, you should be able to expect some more verbiage from them. How much are you *required* to pay for OpenBSD? As far as I know, the required outlay is the price of your internet connection, which I'm willing to bet you'd have anyway.
And, on the subject of verbiage, what's your take on "reading the previously supplied link which explains why the developers can't tell you?"
From the CERT/CC link provided by Daniel Hartmeier:
"All vulnerabilities reported to the CERT/CC will be disclosed to the public 45 days after the initial report, regardless of the existence or availability of patches or workarounds from affected vendors."
It isn't the OpenBSD team's knowledge to distribute. Be happy that you'll know what it was soon. Be happy that a patch was made (and quickly) before details of the problem became script-kiddie-friendly.
And about your complaint concerning telling an IT manager "that you need to reboot for a kernel patch 'because they said so'?" I'd assume that any IT manager worth their salt, seeing a patch distributed for a CERT-issued vulnerability warning from a product's developers, wouldn't need too much prodding in that direction.
By marco (but not marco@) (149.169.52.82) on
secondly, show me an it manager that will know what the hell you're talking about when you tell them "it fixes a condition in the kernel's networking stack". if, by some strange act of god, they do know, have them look at the patch themselves
By Anonymous Coward (128.39.141.245) on
Sun systems also need to be rebooted for kernel updates. Ditto Win2003 systems, Tru64 systems, Irix systems, and Linux systems. Systems get rebooted, especially when tinkering with or updating the kernel, deal with it.
If you or your manager think this is reason enough to throw a screaming, crying flailing fit on the server room floor, or to threaten never to use a particular OS again, then I regard neither of you as employable in an IT technical or managerial role.
Mod you down? It's far more entertaining seeing you make an ass out of yourself :)
By Anonymous Coward (216.231.61.224) on
By rene (138.217.52.28) on
By Chad Loder (216.239.134.34) on
> However, when you dissemble regarding the risk and severity of a patch, it does strain our trust in you.
> I am applying this patch, and I know that you have our interests at heart, but please try not to strain this trust in the future. I like buying your CDs and using your OS, and I don't want a reason to go elsewhere.
This is one of the dumbest things I've heard in a while. The beauty of open source is, if you don't want to trust us then read the patch yourself and it will be obvious what it does. If you aren't capable of understanding the patch, then you'd still have to trust any explanation we gave you. How would that help you?
By Roo (83.146.8.227) darkboong@hotmail.com on
Cheers,
Roo
By test (12.108.12.64) on sorry
By tedu (64.173.147.27) on
By halosfan (192.223.243.5) on
By tedu (64.173.147.27) on
By Anonymous Coward (212.143.248.152) on
http://ethernet.org/~brian/errata/errata-rss.xml
updated every 5 minutes; does ugly "parsing" on errata.html
i hope this helps.
By Anonymous Coward (207.229.38.13) on
/* $OpenBSD: tcp_input.c,v 1.175.2.3 2005/04/01 15:31:06 brad Exp $
and the patch
+++ sys/netinet/tcp_input.c 1 Apr 2005 15:32:53 -0000 1.158.2.5
My mirror is anoncvs1.usa.openbsd.org. IF the date/time is to be trusted, the last time the mirror pulled the file was a little less than 2 minutes before the change was committed. Interesting!
By tedu (64.173.147.27) on
By Anonymous Coward (62.252.32.14) on
By Daniel Hartmeier (195.234.187.87) on
I guess an example would be a function (in programming context) that returns correct results for typical arguments, and also correctly returns errors when passed completely invalid arguments, but contains a bug that will cause it to return incorrect results (or crash) when arguments are right at the edge of the valid domain, like an off-by-one in argument checking.
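An added illustration of the kind of edge condition described in the comment above (not part of the original comment, not OpenBSD code, and not a description of the defect the patch fixes, which this page does not detail): a constructed TCP timestamp option parser in which the hypothetical `slack` parameter selects a correct bounds check (0) or an off-by-one (1). Typical and wildly invalid inputs behave identically under both checks; only the input that ends one byte short tells them apart.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { OPT_EOL = 0, OPT_NOP = 1, OPT_TIMESTAMP = 8, OLEN_TIMESTAMP = 10 };
/* Constructed sample inputs (not captured traffic). */
static const uint8_t typical[12] = {1, 1, 8, 10, 0, 0, 0, 1, 0, 0, 0, 2};
static const uint8_t invalid[2]  = {8, 200};
/* 11 option bytes, then a canary byte that is NOT part of the options. */
static const uint8_t edge[12]    = {1, 1, 8, 10, 0, 0, 0, 1, 0, 0, 0, 0xEE};
static uint32_t be32(const uint8_t *p)   /* big-endian 32-bit read */
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
/* Walk `len` bytes of TCP options and extract TSval/TSecr.
 * Returns 1 if found, 0 if absent, -1 if malformed.
 * `slack` is hypothetical: 0 = correct bounds check, 1 = off-by-one. */
static int parse_ts(const uint8_t *opt, size_t len, size_t slack,
                    uint32_t *tsval, uint32_t *tsecr)
{
    size_t i = 0;
    while (i < len) {
        uint8_t kind = opt[i];
        if (kind == OPT_EOL) break;
        if (kind == OPT_NOP) { i++; continue; }
        if (i + 1 >= len) return -1;            /* no room for the length byte */
        size_t olen = opt[i + 1];
        if (olen < 2 || i + olen > len + slack) return -1;  /* the check at issue */
        if (kind == OPT_TIMESTAMP) {
            if (olen != OLEN_TIMESTAMP) return -1;
            *tsval = be32(opt + i + 2);
            *tsecr = be32(opt + i + 6);
            return 1;
        }
        i += olen;
    }
    return 0;
}

int main(void)
{
    for (size_t slack = 0; slack <= 1; slack++) {
        uint32_t v = 0, e = 0, junk = 0;
        int ed = parse_ts(edge, 11, slack, &v, &e);   /* option ends 1 byte past len */
        printf("slack=%zu typical=%d invalid=%d edge=%d tsecr=0x%x\n", slack,
               parse_ts(typical, 12, slack, &v, &junk),
               parse_ts(invalid, 2, slack, &v, &junk), ed, (unsigned)e);
    }
    return 0;
}
```

With `slack` set to 1 the edge input is accepted and the canary byte ends up in TSecr, which is the "incorrect results right at the edge of the valid domain" case.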
By Anonymous Coward (213.118.35.44) on
By Anonymous Coward (212.143.248.152) on