lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 28 May 2010 13:05:25 -0600
From:	Jeffrey Merkey <jeffmerkey@...il.com>
To:	Eric Dumazet <eric.dumazet@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: Question about SIOCGIFCONF

The code in question is net-tools/lib/interface.c function
if_readproc() and associated routines.  Looks like a hole.

Jeff

On Fri, May 28, 2010 at 1:02 PM, Jeffrey Merkey <jeffmerkey@...il.com> wrote:
> Review of the net-tools source code for IFCONFIG indicates that when
> /proc is not loaded and/or /proc/net/dev is not available, IFCONFIG
> will attempt to use this ioctl to determine which interfaces are
> present in the system.  Since the ioctl will not report unbound
> interfaces which are active, IFCONFIG will not properly report or
> detect network adapters which are unbound.  This seems to be a hole,
> although most of the time I assume /proc will always be mounted.
> Someone should review this and make a decision as to whether or not
> this could be a problem.  At any rate, it does not work as advertised.
>
> Jeff
>
> On Fri, May 28, 2010 at 12:31 PM, Jeffrey Merkey <jeffmerkey@...il.com> wrote:
>> Actually,  I verified last night it only returns interfaces which have
>> been bound to an IP address.  It does not return any interfaces which
>> are active but for which an IP address has not been bound.  So what I
>> said is accurate.  it's fucking busted.
>>
>> /proc/net/dev returns ALL interfaces.  this ioctl does not.
>>
>> Jeff
>>
>> On Thu, May 27, 2010 at 10:57 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
>>> Le jeudi 27 mai 2010 à 21:02 -0600, Jeffrey Merkey a écrit :
>>>> Why is SIOGICONF only instrumented to return a single interface lo for
>>>> example.  I noticed that ifconfig always uses /proc/net/dev but the
>>>> older SIOCGIFCONF ioctl seems to be busted.  Anyone have an
>>>> explanation or is this just how the shit is these days or is the
>>>> fucking thing broken (seems to be). ?
>>>
>>> Shit comes from you eyes maybe ?
>>>
>>> Correction : Shit comes from your eyes, definitely.
>>>
>>> Proof :
>>>
>>> # strace -o /tmp/STRACE ifconfig -a
>>> # grep SIOCGIFCONF /tmp/STRACE
>>> ioctl(4, SIOCGIFCONF, {120, {{"lo", {AF_INET, inet_addr("127.0.0.1")}},
>>> {"wlan0", {AF_INET, inet_addr("192.168.1.21")}}, {"ppp0", {AF_INET,
>>> inet_addr("10.150.51.210")}}}}) = 0
>>>
>>>
>>> Part of ifconfig :
>>>
>>>    ifc.ifc_buf = NULL;
>>>    for (;;) {
>>>        ifc.ifc_len = sizeof(struct ifreq) * numreqs;
>>>        ifc.ifc_buf = xrealloc(ifc.ifc_buf, ifc.ifc_len);
>>>
>>>        if (ioctl(skfd, SIOCGIFCONF, &ifc) < 0) {
>>>            perror("SIOCGIFCONF");
>>>            goto out;
>>>        }
>>>        if (ifc.ifc_len == sizeof(struct ifreq) * numreqs) {
>>>            /* assume it overflowed and try again */
>>>            numreqs += 10;
>>>            continue;
>>>        }
>>>        break;
>>>    }
>>>
>>> maybe numreqs should be firt initialized to 64, then doubled each
>>> round...
>>>
>>>
>>>
>>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ