Re: [PATCH] OpenBSD Networking-related randomization port

[Lorenzo Hernández García-Hierro]

El mié, 02-02-2005 a las 17:17 +0000, linux@xxxxxxxxxxx escribió:
> There *are* things in OpenBSD, like randomized port assignment (as opposed
> to the linear scan in tcp_v4_get_port()) that would be worth emulating.
> Maybe worry about that first?
> 

Completely agreed with you, I was just trying to help with split up
patches, but, as your analysis shows, it's more a weak implementation
than a real security improvement.

All I can say, just ignore the patch.I will work on other (worthy)
issues that are in a bigger need.

Maybe I would work something out on randomized source ports, as soon as
I get time for it.

Note also that Brad fixed obsd_rand.c code this week, I've added him to
the CC list because there are things that may concern grSecurity he
should be able to comment further on it and discuss whatever concerns
*his* work (which is, BTW, a good thing (tm) to have in mind even if he
didn't send split up patches for each feature, which I really don't
know).

I've just ported it out of grsecurity.

Thanks for your meaningful comments,
Cheers.
-- 
Lorenzo Hernández García-Hierro <lorenzo@xxxxxxx> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]

Attachment: signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmadadigitalmente