Hi Michael. > -----Original Message----- > From: Michael Richardson [mailto:[EMAIL PROTECTED] > Sent: giovedi 5 giugno 2003 15.09 > To: Fulvio Risso > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: [tcpdump-workers] WARNING: interface change for > pcap_findalldevs_ex() > > > > >>>>> "Fulvio" == Fulvio Risso <[EMAIL PROTECTED]> writes: > Fulvio> int pcap_findalldevs_ex(char *source, struct > pcap_rmtauth *auth, > Fulvio> pcap_if_t **alldevs, char *errbuf); > > Fulvio> where 'source' will adopt the same syntax defined for > the pcap_open(): > Fulvio> rpcap:// ==> lists all local adapters > Fulvio> rpcap://hostname:port/ ==> lists all remote adapters > Fulvio> file://folder/ ==> lists all files into 'folder' > > My only concern is why pcap should do this at all.
File listing has been discussed some weeks ago in this mlist and nobody complained about that: http://www.tcpdump.org/lists/workers/2003/05/msg00311.html File listing is currently up and running and it will be present in the next version of WinPcap. This feature is currently working on linux and BSD as well (other systems are untested). This feature refers only to local files, so there is no risk at all. > It seems that you may be creating new routes for remote attacks > on systems. Yes, expecially because the remote capture needs a remote daemon (rpcapd) up and running, which is turned off by default. For instance, this daemon is installed (although disabled) in Win32; in UNIX you have even to install it. Is this really a new threat? In any case, you're asking the wrong question. The point is not: is this a security risk? because we can manage to reduce this risk (that is almost inexistent right now). The point is: has the current libpcap everything what people need? Cheers, fulvio > > ] ON HUMILITY: to err is human. To moo, bovine. | > firewalls [ > ] Michael Richardson, Sandelman Software Works, Ottawa, ON > |net architect[ > ] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ > |device driver[ > ] panic("Just another Debian GNU/Linux using, kernel hacking, > security guy"); [ ================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/[EMAIL PROTECTED]/ To unsubscribe use mailto: [EMAIL PROTECTED] ==================================================================
