On Wed, 25 Aug 2004 15:06:15 EDT, "Serge E. Hallyn" said: > Yes, this is a convenience/functionality issue rather than a security issue. > If only two of 7 active interfaces are valid for you to use, then should > an ioctl(SIOCGIFCONF) show the other 5 interfaces? Presumably, it doesn't matter much as they won't be allowed to bind to those 5 interfaces anyhow. A bigger concern is going to be "how much software breaks because it does an SIOCGIFCONF and assumes that it can bind to the listed addresses?" (Right off the top of my head, ntpd tries to bind to everything - I don't have the source handy to see if it DTRT if it can't in fact bind to it...)
This archive was generated by hypermail 2.1.3 : Wed Aug 25 2004 - 12:20:04 PDT