| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1275077173.2472.3.camel@edumazet-laptop> Date: Fri, 28 May 2010 22:06:13 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Jeffrey Merkey <jeffmerkey@...il.com> Cc: linux-kernel@...r.kernel.org Subject: Re: Question about SIOCGIFCONF Le vendredi 28 mai 2010 à 13:05 -0600, Jeffrey Merkey a écrit : > The code in question is net-tools/lib/interface.c function > if_readproc() and associated routines. Looks like a hole. > > Jeff > > On Fri, May 28, 2010 at 1:02 PM, Jeffrey Merkey <jeffmerkey@...il.com> wrote: > > Review of the net-tools source code for IFCONFIG indicates that when > > /proc is not loaded and/or /proc/net/dev is not available, IFCONFIG > > will attempt to use this ioctl to determine which interfaces are > > present in the system. Since the ioctl will not report unbound > > interfaces which are active, IFCONFIG will not properly report or > > detect network adapters which are unbound. This seems to be a hole, > > although most of the time I assume /proc will always be mounted. > > Someone should review this and make a decision as to whether or not > > this could be a problem. At any rate, it does not work as advertised. > > Maybe you could forget about a 20 years old legacy program and use the real thing : ip ip link ip addr ... Alternatively, you could rewrite ifconfig to use modern API. (Not depending on /proc , at all) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists