Date: Mon, 24 Mar 2003 11:02:22 -0600
From: D J Hawkey Jr
To: "Jacques A. Vidrine"
Cc: twig les, freebsd-security@FreeBSD.ORG
Subject: Re: another TCPDump update question (going slightly off-topic)

On Mar 24, at 10:00 AM, Jacques A. Vidrine wrote:
>
> On Mon, Mar 24, 2003 at 09:30:21AM -0600, D J Hawkey Jr wrote:
> > On Mar 24, at 09:14 AM, Jacques A. Vidrine wrote:
> > > You didn't miss anything. There won't be a security advisory for this
> > > issue.
> >
> > No?
> >
> > Without insulting anyone, may I ask why not? tcpdump is included in the
> > base/standard OS, after all, and so is libpcap, which appears to be related.
> >
> > IIRC, there have been SAs for DOS vulnerabilities before. What or where
> > is the line for what is or is not eligible for a SA?
>
> Well, there are no hard-n-fast rules. It's a judgement call. We
> generally limit SAs to those issues that we deem `important', so as
> not to devalue them. (c.f. The Boy Who Cried Wolf)

I can appreciate this, yes. Might it not be worth a SN, though?

> You're right: there have been SAs for remote DoSs before. In this
> case, both the circumstances that could lead to this remote DoS, and
> especially the impact of the bug are so minimal as to not be worth
> updating your system.

I'll defer to your judgement on this; I don't know how easy this hole is
to exploit.

But if you'll indulge me, I'm thinking of a larger picture that this might
illustrate: www.tcpdump.org shows a new libpcap "to go with" the updated
tcpdump. They don't say a vulnerability was in libpcap, but if so, a quick
scan of userland shows that pppd is linked to libpcap. By inference, I
would think kernel-mode PPP falls in line with this, too. Now, there's a
rather big "if" here, but if true, would this then qualify as worthy of a
SA?

As an aside, isn't BPF also tied to libpcap?

I guess what my bigger concern is, is how much should a diligent SysAdmin
have to scan external entities to be up on vulnerabilities of utilities
that are part of the base/standard OS? My gut feeling is, "None, The
Project should inform the user base.", but that may be too high a bar for
what is essentially a for-free product. If my feeling is wrong, then I have
to wonder if these utilities that are not "truly BSD" shouldn't be in the
ports collection, and removed from the base?

Having said all this, I do in fact applaud you and your team for what you
do provide, considering it's all done gratis.

> Cheers,
> Jacques A. Vidrine http://www.celabo.org/

Thanks for listening,
Dave

--
D. J. HAWKEY JR.
hawkeyd@visi.com
http://www.visi.com/~hawkeyd/