VIA/ACE PadLock integration with crypto(9).

Pawel Jakub Dawidek pjd at FreeBSD.org
Fri Aug 19 20:49:31 GMT 2005


On Fri, Aug 19, 2005 at 11:23:56AM -0400, Mike Tancsa wrote:
+> At 12:20 PM 18/08/2005, Pawel Jakub Dawidek wrote:
+> >+>
+> >+> It probably worth a security advisory.
+> >It's only a local DoS on systems with crypto HW and /dev/crypto.
+> >Note that /dev/crypto is not needed for fast_ipsec(4) with HW
+> >acceleration, nor for geli(8).
+> >Workaround is also very simple:
+> >        # chmod 600 /dev/crypto
+> 
+> FYI,
+>          I have been running with the patch on a RELENG_4 box and it prevents the DoS
[...]
+> Any chance to MFC it back to RELENG_4 ?

Done.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd at FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20050819/2a77ec04/attachment.bin


More information about the freebsd-current mailing list