On Sat, 18 Sep 2004, stheg olloydson wrote: > Hello, > > I don't think Mr Gerun has a problem with the way port randomizing is > implemented. I believe that because he couldn't find any information > about FBSD doing port randomization, he thought it wasn't implemented > at all, so he wrote some patches to enable it. > I missed this bit in the Release Notes myself. Thanks for the effort! I > do have a question, though. I don't understand the commit procedure, so > I have always been a little perplexed by some of the nomenclature in > the CVS log. For example, entries 1.143-1.46 are to Branch: Main, while > 1.59.2.27.2.1 is to Branch: RELENG_4_10 ans 1.5.2.28 is to Branch: > RELENG_4. What exactly Branch: Main? Is it RELENG_5? If so, does that > mean your changes are not in RELENG_5_2? > > Regards, > > Stheg Branch Main is -CURRENT; right now that means it's 6.0, but back when I did the commit, it was 5.2-CURRENT, and RELENG_5 did not yet exist. You are correct that port randomization was not merged into the releng_5_2 branch. Your other deductions are correct, AFAIK. To take this a bit more back on-topic, port randomization was not merged into the security branches because we don't consider RST attacks to be a threat to most users. Once we have finalized fixes for the RST and SYN vectors of the attack, we'll merge those changes, but only to 5-stable and 4-stable. (If you feel that those changes should be merged to the security branches, please tell me AFTER the fixes go in, not now - I don't need the distraction.) Mike "Silby" Silbersack _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"