From owner-freebsd-security Mon Mar 24 11:19:16 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9884937B404; Mon, 24 Mar 2003 11:19:09 -0800 (PST) Received: from bran.mc.mpls.visi.com (bran.mc.mpls.visi.com [208.42.156.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id D9CF943FAF; Mon, 24 Mar 2003 11:19:08 -0800 (PST) (envelope-from hawkeyd@visi.com) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bran.mc.mpls.visi.com (Postfix) with ESMTP id 2100A49F3; Mon, 24 Mar 2003 13:19:08 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id h2OJJ7t09812; Mon, 24 Mar 2003 13:19:07 -0600 (CST) (envelope-from hawkeyd) Date: Mon, 24 Mar 2003 13:19:07 -0600 From: D J Hawkey Jr To: "Jacques A. Vidrine" Cc: freebsd-security@FreeBSD.ORG Subject: Re: another TCPDump update question (going slightly off-topic) Message-ID: <20030324131907.A9716@sheol.localdomain> Reply-To: hawkeyd@visi.com References: <20030311231326.82217.qmail@web10107.mail.yahoo.com> <20030324151410.GE94153@madman.celabo.org> <20030324093021.A8296@sheol.localdomain> <20030324160020.GA1911@madman.celabo.org> <20030324110222.A8625@sheol.localdomain> <20030324184428.GH1911@madman.celabo.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20030324184428.GH1911@madman.celabo.org>; from nectar@FreeBSD.ORG on Mon, Mar 24, 2003 at 12:44:28PM -0600 X-Spam-Status: No, hits=-32.1 required=5.0 tests=AWL,EMAIL_ATTRIBUTION,IN_REP_TO,QUOTED_EMAIL_TEXT, QUOTE_TWICE_1,RCVD_IN_UNCONFIRMED_DSBL,REFERENCES, REPLY_WITH_QUOTES,USER_AGENT_MUTT autolearn=ham version=2.50 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mar 24, at 12:44 PM, Jacques A. Vidrine wrote: > > On Mon, Mar 24, 2003 at 11:02:22AM -0600, D J Hawkey Jr wrote: > > > > www.tcpdump.org shows a new libpcap "to go with" the updated tcpdump. > > They don't say a vulnerability was in libpcap, but if so, a quick scan > > of userland shows that pppd is linked to libpcap. By inference, I would > > think kernel-mode PPP falls in line with this, too. Now, there's a > > rather big "if" here, but if true, would this then qualify as worthy > > of a SA? As an aside, isn't BPF also tied to libpcap? > > The `if' is indeed big. The assumptions in the above paragraph > don't hold: > (1) The vulnerability was in a tcpdump printer, not libpcap. > (2) While pppd does indeed use libpcap to implement packet filtering, > kernel-mode PPP most certainly does not. > (3) libpcap's live-capture mode is implemented on top of bpf, not the > other way 'round. I stand corrected. Thanks. > But as for this issue ... I honestly do not think it is important to > any FreeBSD user. The only possible exception might be someone > deploying tcpdump or tcpdump code fragments as part of an intrusion > detection system (seems unlikely). > > Remember guys, we're talking about a command-line utility going into > an infinite loop. No crashes. No code execution. No nothing, it > just sits there printing to stdout. OK, I picked a bad example to illustrate my "bigger concern", as this issue isn't a security issue. My bad. > > If my feeling is wrong... > > Your feeling may be wrong in only one way: you seem to be assuming > that the tcpdump issue did not get treatment... > > i.e. the issue got handled with as much thoroughness as any issue that > affects the base system does... Oh, no, no... I didn't mean to imply that you blithly (sp?) dismissed the vulnerability out-of-hand. I know you're better than that. Thanks again. I'll go away now. Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message