> ... the right thing to do is not to disable source routing, but to
> fix sendmail (or run something else, something that _does_ know that
> peer IP addresses cannot be trusted unless any source-route options
> have been explicitly removed).

Fixing all the code that makes assumptions based solely on the IP
address would certainly be a good thing.  Here are some of them that
come to mind:

        sendmail, postfix  (relay checks)
        inn                (posting, reading)
        apache             (enforce local-only pages)

Given the choice of either teaching the programs about checking for
either form of source routing, or not using "traceroute -g" across my
ipf filter, I'll personally choose the lazy way out and not use the
traceroute. ;-)

Now, if one were to "fix" getpeername(), accept() et. al. to return
the true source of the IP datagram, the effect of accepting LSR and
SSR might not be that great.

-wolfgang
-- 
Wolfgang S. Rupprecht 		     http://www.wsrcc.com/wolfgang/

(NOTE: The email address above is valid.  Edit it at your own peril.)