[InterNetNews/inn] 7f28c2: Remove stripping IP options from innd manual
Julien ÉLIE
noreply at github.com
Mon Jul 22 19:01:01 UTC 2024
Branch: refs/heads/main
Home: https://github.com/InterNetNews/inn
Commit: 7f28c2912a5261829a413a4e3d413f23322b1822
https://github.com/InterNetNews/inn/commit/7f28c2912a5261829a413a4e3d413f23322b1822
Author: Julien ÉLIE <Julien-Elie at users.noreply.github.com>
Date: 2024-07-20 (Sat, 20 Jul 2024)
Changed paths:
M doc/pod/innd.pod
Log Message:
-----------
Remove stripping IP options from innd manual
A bug about stripping IP options not working for IPv6 connections was
mentioned in the innd manual page.
Stripping IP options for IPv4 was a vestige introduced in INN 1.6b1
and already removed in INN 2.6.0 in 2014 when modernizing the network
library.
Anyway, even the initial code from INN 1.6b1 was incomplete and did
not prevent INN from being vulnerable to IP spoofing attacks with
source-routed TCP connections.
Other software that also does IP-based restrictions never bothers with
this: xinetd, for example, or the rsync server. That implies that this
is no longer considered a significant security issue, probably because
it's been fixed upstream in the kernel network stack.
close #183
(more information in the ticket)
To unsubscribe from these emails, change your notification settings at https://github.com/InterNetNews/inn/settings/notifications
More information about the inn-committers
mailing list