On Sun, May 13, 2007 at 11:17:20PM +0200, Tomas Pospisek wrote:
> Package: mtr
> Version: 0.71-2
> Severity: normal
>
> When mtr is paused, "netstat -a -p" tells me:
>
> Proto/Recv-Q/Send-Q/Local Address/Foreign Address/State/PID/Program name
> udp 0 0 *:33370 *:* 12415/mtr
> raw 0 0 *:icmp *:* 7 12415/mtr
> raw 0 0 *:255 *:* 7 12415/mtr
>
> This does not feel good.
>
> Allthough mtr is "suspended", a potential "attacker" can find out that mtr is
> up on the host. This has security implications.
Under what circumstances would they be able to check this using this method
and also not be able to check this using, say, 'ps'? Please elaborate on the
security implications you are referring to.
> I have not checked whether mtr acctually processes anything that is sent
> to it during this "paused" period.
My reading of select.c is that it calls net_process_return regardless of
whether it is paused or not.
If it didn't, you'd occasionally see false packet loss when pausing and
unpausing, at least if there was any appreciable latency between hosts.
If it closed the socket, it wouldn't be able to reopen it when you unpaused
mtr - mtr would have already dropped the privileges it needed to do that.
> Btw - has #156378 "mtr busy-waits when paused" been closed? It seems to
> be open (reportbug shows it, but bugs.debian.org/156378 doesn't).
No, it hasn't yet.
--
Robert Woodcock - [EMAIL PROTECTED]
"I always make it a point to tell people that 'Halon' is French for
'Exit,' so if they ever get locked in the data center, they know how
to get out."
-- seen on slashdot
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
