tcpdump mailing list archives

RE: WARNING: interface change for pcap_findalldevs_ex()


From: "Fulvio Risso" <fulvio.risso () polito it>
Date: Thu, 5 Jun 2003 18:03:22 +0200

Hi Michael.

-----Original Message-----
From: Michael Richardson [mailto:mcr () sandelman ottawa on ca]
Sent: Thursday, 5 June 2003 15.09
To: Fulvio Risso
Cc: winpcap-users () winpcap polito it; tcpdump-workers () tcpdump org
Subject: Re: [tcpdump-workers] WARNING: interface change for pcap_findalldevs_ex()



"Fulvio" == Fulvio Risso <fulvio.risso () polito it> writes:
    Fulvio>    int pcap_findalldevs_ex(char *source, struct pcap_rmtauth *auth,
    Fulvio> pcap_if_t **alldevs, char *errbuf);

    Fulvio> where 'source' will adopt the same syntax defined for the pcap_open():
    Fulvio>   rpcap://               ==> lists all local adapters
    Fulvio>   rpcap://hostname:port/ ==> lists all remote adapters
    Fulvio>   file://folder/         ==> lists all files into 'folder'

  My only concern is why pcap should do this at all.

File listing was discussed some weeks ago on this mlist and nobody
complained about that:
   http://www.tcpdump.org/lists/workers/2003/05/msg00311.html

File listing is currently up and running and it will be present in the next
version of WinPcap.
This feature is currently working on linux and BSD as well (other systems
are untested).
This feature refers only to local files, so there is no risk at all.


  It seems that you may be creating new routes for remote attacks on systems.

Yes, especially because the remote capture needs a remote daemon (rpcapd) up
and running, which is turned off by default.
For instance, this daemon is installed (although disabled) in Win32; in UNIX
you even have to install it.
Is this really a new threat?

In any case, you're asking the wrong question.
The point is not:
  is this a security risk?

because we can manage to reduce this risk (that is almost inexistent right
now).

The point is:
  has the current libpcap everything that people need?

Cheers,

        fulvio


]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
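
Added example, not code from this message, WinPcap or libpcap: a strict C parser for the three 'source' forms quoted above, with a policy gate that refuses remote sources unless the application opts in. Assumptions: the names classify_source, source_allowed and struct src_info are hypothetical, the port is treated as optional, host names are limited to letters, digits, '.' and '-' (no IPv6 literals), and the sample host and port in any call are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* The three source forms listed in the message, plus a reject state. */
enum src_kind { SRC_INVALID = 0, SRC_LOCAL, SRC_REMOTE, SRC_FILE };

struct src_info {
    enum src_kind kind;
    char host[256];  /* SRC_REMOTE: host name or IPv4 literal */
    long port;       /* SRC_REMOTE: 0 when no port was given */
};

/* Parse a source string strictly; anything unexpected is SRC_INVALID. */
enum src_kind classify_source(const char *s, struct src_info *out)
{
    static const char hostchars[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-";
    memset(out, 0, sizeof *out);
    if (s == NULL) return SRC_INVALID;
    if (strncmp(s, "file://", 7) == 0)              /* folder must be non-empty */
        return out->kind = s[7] ? SRC_FILE : SRC_INVALID;
    if (strncmp(s, "rpcap://", 8) != 0) return SRC_INVALID;
    s += 8;
    if (*s == '\0') return out->kind = SRC_LOCAL;   /* bare "rpcap://" */
    size_t hlen = strspn(s, hostchars);
    if (hlen == 0 || hlen >= sizeof out->host) return SRC_INVALID;
    memcpy(out->host, s, hlen);                     /* NUL comes from memset */
    s += hlen;
    if (*s == ':') {                                /* optional ":port" */
        char *end;
        if (s[1] < '0' || s[1] > '9') return SRC_INVALID;
        out->port = strtol(s + 1, &end, 10);
        if (out->port < 1 || out->port > 65535) return SRC_INVALID;
        s = end;
    }
    if (strcmp(s, "/") != 0) return SRC_INVALID;    /* exactly one trailing "/" */
    return out->kind = SRC_REMOTE;
}

/* Policy gate: remote sources are refused unless the caller opts in. */
int source_allowed(const char *s, int allow_remote)
{
    struct src_info si;
    enum src_kind k = classify_source(s, &si);
    return k == SRC_LOCAL || k == SRC_FILE || (k == SRC_REMOTE && allow_remote);
}
```

An application that takes the source string from a configuration file or command line can call source_allowed() with allow_remote set to 0 by default, so that a remote capture is only attempted after an explicit opt-in.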

