Subj : Re: Tutorial for rookies To : tenser From : N1uro Date : Tue Oct 12 2021 01:25 pm tenser; -=> tenser wrote to N1uro <=- te> Bluntly, I don't believe you. With no supporting evidence of the te> existence of these bugs, let alone tracking, this is nothing more te> than typical ham-centric FUD. Is it your policy in life to call those who develop the things you may use a liar? This is the sort of thing that belongs on facebook. Why not show a bit of appreciation for the things and be proactive rather than point fingers and say hateful things instead. te> To be clear, I was hoping for a pointer to a bug tracker. It te> wouldn't be hard to produce patches for something as simple as te> Linux's AX.25 implementation, but without any sort of knowledge te> about what is _actually_ wrong, let alone root cause te> investigation, it's not a good time investment. We -did- submit requests for this to be added to some sort of a bug tracker however the cracks involved are so grave in nature it was decided best not to publish them as to protect the licenses of the hams who may be using such configurations. A full and total take-over of a system can easily be accomplished if the bugs were published. Is this what you promote in your thinking? te> "Read the archives of my project's mailing list" is not a good te> answer. te> Since you appear to keep shutting that project down on a whim, I'm te> not particularly interested in looking closely at it. Sorry, it's te> just not worth my time to deal with cantankerous folks who don't te> want to work in a spirit of cooperation. Your opinion is quite false in nature. What proof do you have of this? URONode and my other projects are quite alive and in the various repositories. What projects do you have? Besides my own projects I also contribute to the LinFBB project. I pulled my projects off sourceforge until such time as the kernel bugs are fixed. I'm simply tired with receiving emails asking me why my stuff "doesn't work" when I have the only node project available that works on old IBM emulation systems! When the critical kernel issues are resolved they'll be back on sourceforge as I have upgrades for them all to release. te> But he didn't actually describe the problem. There was a comment te> saying something about freeing up resources; that was it. No te> description of how the problem manifests itself, what goes wrong, te> the failure mode, etc. There's a one-line patch that was apparently te> never sent to LKML in an older version of the kernel on a random te> web site. No you obviously did not comprehend the NetRom bug issue at all. When a box boots up as fresh, and no users/robots have used the NetRom stack in said box, it will await the 1st connection to which an underlaying ax.25 VIRTUAL CIRCUIT is then created for the NetRom socket to transport through on. That 1st and only that 1st connection will appear to work and be valid. When the session is completed, the underlaying ax.25 layer stays open thus causing the underlaying NetRom socket to be open and available for a remote attacker to attach to and own the box. Marius clearly spells this out in his patches and unlike a 1 line fix as you claim, it's a 4 line patch to insure that the ax.25 virtual circuit gets closed when NetRom is used. Understand now? And if axip/axudp is used, this leaves the IP socket open awaiting any outside resource to connect to it. In your NetStat you'd see something like: N1URO-4 KE6I-10 N1URO-4 nr2 LISTENING 000/000 0 0 How can an established connection be in listening or waiting for a connect mode? With such an easy way for a non-ham to attach themself to a box perhaps now you may understand why such bugs are NOT published for the whole world to search. We take tests for our licenses... not to have some packet kiddie take them from us. This is simply one of many that need attention to. N1> However considering what you appear to keep yourself blinded to, might I N1> suggest Windows and BPQ32? te> Nah. I'm good. *raises a vulcan eyebrow* .... MultiMail, the new multi-platform, multi-format offline reader! --- MultiMail/Linux v0.52 * Origin: Carnage - risen from the dead now on SBBS (21:4/107) .