| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTin5RRIrSwenr1wCuJlEvydVD9_d3U2ZLitSXigs@mail.gmail.com>
Date: Fri, 28 May 2010 13:05:25 -0600
From: Jeffrey Merkey <jeffmerkey@...il.com>
To: Eric Dumazet <eric.dumazet@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: Question about SIOCGIFCONF
The code in question is net-tools/lib/interface.c function
if_readproc() and associated routines. Looks like a hole.
Jeff
On Fri, May 28, 2010 at 1:02 PM, Jeffrey Merkey <jeffmerkey@...il.com> wrote:
> Review of the net-tools source code for IFCONFIG indicates that when
> /proc is not loaded and/or /proc/net/dev is not available, IFCONFIG
> will attempt to use this ioctl to determine which interfaces are
> present in the system. Since the ioctl will not report unbound
> interfaces which are active, IFCONFIG will not properly report or
> detect network adapters which are unbound. This seems to be a hole,
> although most of the time I assume /proc will always be mounted.
> Someone should review this and make a decision as to whether or not
> this could be a problem. At any rate, it does not work as advertised.
>
> Jeff
>
> On Fri, May 28, 2010 at 12:31 PM, Jeffrey Merkey <jeffmerkey@...il.com> wrote:
>> Actually, I verified last night it only returns interfaces which have
>> been bound to an IP address. It does not return any interfaces which
>> are active but for which an IP address has not been bound. So what I
>> said is accurate. it's fucking busted.
>>
>> /proc/net/dev returns ALL interfaces. this ioctl does not.
>>
>> Jeff
>>
>> On Thu, May 27, 2010 at 10:57 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
>>> Le jeudi 27 mai 2010 à 21:02 -0600, Jeffrey Merkey a écrit :
>>>> Why is SIOGICONF only instrumented to return a single interface lo for
>>>> example. I noticed that ifconfig always uses /proc/net/dev but the
>>>> older SIOCGIFCONF ioctl seems to be busted. Anyone have an
>>>> explanation or is this just how the shit is these days or is the
>>>> fucking thing broken (seems to be). ?
>>>
>>> Shit comes from you eyes maybe ?
>>>
>>> Correction : Shit comes from your eyes, definitely.
>>>
>>> Proof :
>>>
>>> # strace -o /tmp/STRACE ifconfig -a
>>> # grep SIOCGIFCONF /tmp/STRACE
>>> ioctl(4, SIOCGIFCONF, {120, {{"lo", {AF_INET, inet_addr("127.0.0.1")}},
>>> {"wlan0", {AF_INET, inet_addr("192.168.1.21")}}, {"ppp0", {AF_INET,
>>> inet_addr("10.150.51.210")}}}}) = 0
>>>
>>>
>>> Part of ifconfig :
>>>
>>> ifc.ifc_buf = NULL;
>>> for (;;) {
>>> ifc.ifc_len = sizeof(struct ifreq) * numreqs;
>>> ifc.ifc_buf = xrealloc(ifc.ifc_buf, ifc.ifc_len);
>>>
>>> if (ioctl(skfd, SIOCGIFCONF, &ifc) < 0) {
>>> perror("SIOCGIFCONF");
>>> goto out;
>>> }
>>> if (ifc.ifc_len == sizeof(struct ifreq) * numreqs) {
>>> /* assume it overflowed and try again */
>>> numreqs += 10;
>>> continue;
>>> }
>>> break;
>>> }
>>>
>>> maybe numreqs should be firt initialized to 64, then doubled each
>>> round...
>>>
>>>
>>>
>>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists