Date: Mon, 24 Mar 2003 11:02:22 -0600
From: D J Hawkey Jr <hawkeyd@visi.com>
To: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
Cc: twig les <twigles@yahoo.com>, freebsd-security@FreeBSD.ORG
Subject: Re: another TCPDump update question (going slightly off-topic)
Message-ID: <20030324110222.A8625@sheol.localdomain>
In-Reply-To: <20030324160020.GA1911@madman.celabo.org>; from nectar@FreeBSD.ORG on Mon, Mar 24, 2003 at 10:00:20AM -0600
References: <20030311231326.82217.qmail@web10107.mail.yahoo.com> <20030324151410.GE94153@madman.celabo.org> <20030324093021.A8296@sheol.localdomain> <20030324160020.GA1911@madman.celabo.org>
On Mar 24, at 10:00 AM, Jacques A. Vidrine wrote:
>
> On Mon, Mar 24, 2003 at 09:30:21AM -0600, D J Hawkey Jr wrote:
> > On Mar 24, at 09:14 AM, Jacques A. Vidrine wrote:
> > > You didn't miss anything.  There won't be a security advisory for this
> > > issue.
> >
> > No?
> >
> > Without insulting anyone, may I ask why not? tcpdump is included in the
> > base/standard OS, after all, and so is libpcap, which appears to be related.
> >
> > IIRC, there have been SAs for DOS vulnerabilities before. What or where
> > is the line for what is or is not eligible for an SA?
>
> Well, there are no hard-n-fast rules.  It's a judgement call.  We
> generally limit SAs to those issues that we deem `important', so as
> not to devalue them.  (c.f. The Boy Who Cried Wolf)

I can appreciate this, yes. Might it not be worth an SN, though?

> You're right: there have been SAs for remote DoSs before.  In this
> case, both the circumstances that could lead to this remote DoS, and
> especially the impact of the bug are so minimal as to not be worth
> updating your system.

I'll defer to your judgement on this; I don't know how easy this hole is
to exploit.

But if you'll indulge me, I'm thinking of a larger picture that this
might illustrate:

www.tcpdump.org shows a new libpcap "to go with" the updated tcpdump.
They don't say a vulnerability was in libpcap, but if so, a quick scan
of userland shows that pppd is linked to libpcap. By inference, I would
think kernel-mode PPP falls in line with this, too.

Now, there's a rather big "if" here, but if true, would this then
qualify as worthy of an SA?

As an aside, isn't BPF also tied to libpcap?

I guess what my bigger concern is, is how much should a diligent
SysAdmin have to scan external entities to be up on vulnerabilities of
utilities that are part of the base/standard OS? My gut feeling is,
"None, The Project should inform the user base.", but that may be too
high a bar for what is essentially a for-free product.

If my feeling is wrong, then I have to wonder if these utilities that
are not "truly BSD" shouldn't be in the ports collection, and removed
from the base?

Having said all this, I do in fact applaud you and your team for what
you do provide, considering it's all done gratis.

> Cheers,
> Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/

Thanks for listening,
Dave

-- 
 ______________________                       ______________________
 \__________________   \    D. J. HAWKEY JR.    /   __________________/
    \________________/\    hawkeyd@visi.com    /\________________/
                         http://www.visi.com/~hawkeyd/
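The "quick scan of userland" Dave mentions, i.e. finding every base-system executable that is dynamically linked against libpcap, can be scripted. The script below is an added example, not part of the original message and not FreeBSD project code; it assumes a POSIX sh with find, awk and ldd, and the library name pattern and directories to walk are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original message): list the dynamically
# linked executables under the given directories that ldd reports as
# linked against a library whose soname starts with PATTERN (e.g. libpcap).
# Assumes a POSIX sh plus find, awk and ldd; the directories and library
# name are supplied by the caller, nothing here is FreeBSD-specific.

# ldd_mentions PATTERN: read ldd output on stdin and print "yes" if any
# line's first field is a soname matching ^PATTERN\.so, else "no".
# ldd lines look like "libpcap.so.1 => /usr/lib/libpcap.so.1 (0x...)";
# matching on the first field means "libpcapng.so" does not match "libpcap".
ldd_mentions() {
    awk -v pat="$1" '
        $1 ~ ("^" pat "\\.so") { found = 1 }
        END { print (found ? "yes" : "no") }
    '
}

# scan_for_lib PATTERN DIR...: print each executable file under DIR...
# whose ldd output mentions PATTERN. Statically linked binaries, scripts
# and other non-ELF files make ldd fail; their stderr is discarded and
# they are skipped because ldd_mentions then sees no matching line.
scan_for_lib() {
    pattern="$1"
    shift
    find "$@" -type f -perm -u+x 2>/dev/null | while read -r f; do
        if [ "$(ldd "$f" 2>/dev/null | ldd_mentions "$pattern")" = yes ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Usage: sh scan_for_lib.sh libpcap /bin /sbin /usr/bin /usr/sbin /usr/libexec
if [ $# -ge 2 ]; then
    scan_for_lib "$@"
fi
```

Two caveats a practitioner would want. First, ldd works by invoking the dynamic loader on the target, so run it only over binaries you already trust (base-system paths, as here), not over arbitrary files; inspecting the NEEDED entries with `readelf -d` or `objdump -p` is a passive alternative on systems that have those tools. Second, the scan sees only dynamic linking: a statically linked program, or library code compiled into another component, will not show up, so a clean result does not by itself answer the question of what else embeds the same code.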