[sr-dev] [tracker] Assignee added: Crash if t_release() is executed after t_relay_to(), when this last returns -1

Daniel-Constantin Mierla miconda at gmail.com
Thu Dec 1 12:58:34 CET 2011



On 12/1/11 12:44 PM, Henning Westerholt wrote:
> On Thursday 01 December 2011, Daniel-Constantin Mierla wrote:
>> [..]
>>> Anyone objecting to implementing a process for handling security
>>> incidents?
>> I have no objection in this regard, any contribution/managing process
>> that will make usage of the project easier/more attractive for various
>> people is welcome. The question will be who will take the work (e.g.,
>> reviewing, categorization, announcements to devels and community, ...).
>> Personally, I try not to make a difference between bugs, but just try to
>> solve asap, with priority on how common use case is the situation rising
>> the bug.
>>
>> Another question is categorizing 'security bugs' - in my understanding I
>> consider such bugs when one can gain access to server or
>> steal/compromise data from/on the server. Crashing situations are not in
>> this category (IMO).
> Hi Daniel,
>
> IMHO also certain denial of service attacks belong to the "security bug"
> class. If somebody can easily bring my service down because of e.g. a crash
> during the processing of misformatted (network) input then the availability of
> the service can be easily compromised.
Then flooding to fill the pipe will cause the same kind of issue to the
availability of the service - a bug of the infrastructure.

As expressed in another email just sent, imo there are two categories
here: stability and security.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla -- http://www.asipto.com
Kamailio Advanced Training, Dec 5-8, Berlin: http://asipto.com/u/kat
http://linkedin.com/in/miconda -- http://twitter.com/miconda



