> Mark Verber <verber @
com> wrote :
> > Yes, setting IPFORWARDING properly in options or changing ip_forwarding
> > with adb works just as well as editing ip_proto.c. Once again, my primary
> > warning is that source routing happens whether you have IPfowarding on
> > or off.
As I believe has been pointed out on this list in the past, the fact that you
can turn off IPFORWARDING with adb IS part of the problem with this approach.
It's just as easy for someone to turn it back on this way. If you have source
and can actually remove the code that handles the forwarding, you are better
because then if someone DOES manage to get root access (and somehow they
seem to keep finding new and improved ways to do this) it will at least be
more difficult for them to undo your protection.
William A. Gianopoulos; Raytheon Missile Systems Division