On Thu, Jan 04, 2007 at 12:49:02PM +0000, Gerrit Renker wrote: > > The key point where the new definition differs from the old is that _the > relation_ > before(x,y) is unambiguous: the case "before(x,y) && before(y,x)" will no > longer occur.
This is highly dependent on how the before macro is used in actual code. There is nothing to suggest that this change won't create new security holes in DCCP or any other protocol that uses this macro. The only way to be sure is to audit every single use. So I think we need to do one of two things: 1) Audit every single before/after check to ensure that it works correctly with the new definition. 2) Change before/after such that before(x, x+2^31) == !before(x+2^31, x). Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html