Re: [lcdpd-users] Lcdp bugs?
Status: Inactive
Brought to you by:
tom_burkart
Menu
▾
▴
Re: [lcdpd-users] Lcdp bugs?
|
From: Chris C. <ch...@sh...> - 2002-01-26 20:14:52
|
On Sat, 26 Jan 2002, Joerg Mayer wrote: > Hello, Hey, > annotated patchfile below). The more I think about it, the more I am conv= inced that > cdp should *not* be implemented as a kernel module but as a user space da= emon. One =09I'm working on creating a userspace version atm (currently it's nothing more than a rough sketch out). > more thing about the module: cisco recently published a security advisory= about a > DOS on cdp that would work against your code too: Take a machine that sen= ds out faked > cdp packets from many faked senders. If you add long version strings etc = then it's =09*nod* - I've heard the exploit, someone mentioned it to me a while ago; but I completly forgot about it, I'll read-over your patch and probably add it to the CVS version of the code today or tommorow. > a thing of a few seconds and there will be no memory left - and the more = I looked at > the code, the more I'm conviced that cdp should be done in a userspace da= emon instead > of a kernel module. That way the normal resource limiting mechanism can b= e used. =09This is going to be done - the kernel patch will probably end up an item of historic interest to the project; and used by me because I like being able to cat a proc entry to get a quick list :) Of course that could just as easily be done by domain sockets or FIFO's...which is probably what I'll do on the daemon. > Ciao > J=F6rg --=20 Chris "_Shad0w_" Crowther ch...@sh... http://www.shad0w.org.uk/ |
