tcpdump mailing list archives
RE: WARNING: interface change for pcap_findalldevs_ex()
From: "Fulvio Risso" <fulvio.risso () polito it>
Date: Thu, 5 Jun 2003 18:03:22 +0200
Hi Michael.
-----Original Message----- From: Michael Richardson [mailto:mcr () sandelman ottawa on ca] Sent: giovedi 5 giugno 2003 15.09 To: Fulvio Risso Cc: winpcap-users () winpcap polito it; tcpdump-workers () tcpdump org Subject: Re: [tcpdump-workers] WARNING: interface change for pcap_findalldevs_ex()"Fulvio" == Fulvio Risso <fulvio.risso () polito it> writes:Fulvio> int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth, Fulvio> pcap_if_t **alldevs, char *errbuf); Fulvio> where 'source' will adopt the same syntax defined for the pcap_open(): Fulvio> rpcap:// ==> lists all local adapters Fulvio> rpcap://hostname:port/ ==> lists all remote adapters Fulvio> file://folder/ ==> lists all files into 'folder' My only concern is why pcap should do this at all.
File listing has been discussed some weeks ago in this mlist and nobody complained about that: http://www.tcpdump.org/lists/workers/2003/05/msg00311.html File listing is currently up and running and it will be present in the next version of WinPcap. This feature is currently working on linux and BSD as well (other systems are untested). This feature refers only to local files, so there is no risk at all.
It seems that you may be creating new routes for remote attacks on systems.
Yes, expecially because the remote capture needs a remote daemon (rpcapd) up and running, which is turned off by default. For instance, this daemon is installed (although disabled) in Win32; in UNIX you have even to install it. Is this really a new threat? In any case, you're asking the wrong question. The point is not: is this a security risk? because we can manage to reduce this risk (that is almost inexistent right now). The point is: has the current libpcap everything what people need? Cheers, fulvio
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- WARNING: interface change for pcap_findalldevs_ex() Fulvio Risso (Jun 04)
- Re: WARNING: interface change for pcap_findalldevs_ex() Michael Richardson (Jun 05)
- RE: WARNING: interface change for pcap_findalldevs_ex() Fulvio Risso (Jun 05)
- Re: WARNING: interface change for pcap_findalldevs_ex() Michael Richardson (Jun 05)