Comment 31 for bug 1489111
Revision history for this message
| Salvatore Orlando (salvatore-orlando) wrote Re: IP, MAC, and DHCP spoofing rules can by bypassed by changing device_owner (CVE-2015-5240) | #31 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
I verified the updated patches with Kevin.
I think this explains why I was observing the weird behaviour noted in the review with:
"the policy change works but it seems weird as it's an or condition and is acting as a "and". Perhaps the policy engine is not operating as expected here. This is unrelated to this patch however."
Basically the typo was causing the policy engine to enforce a different kind of check (which always failed afaict). If we merged that patch we would have fixed the security issue, but introduced a functional defect.
The difference between the two patches is minimal, so there's not much else to review.