Package: mtr Version: 0.71-2 Severity: normal When mtr is paused, "netstat -a -p" tells me:
Proto/Recv-Q/Send-Q/Local Address/Foreign Address/State/PID/Program name udp 0 0 *:33370 *:* 12415/mtr raw 0 0 *:icmp *:* 7 12415/mtr raw 0 0 *:255 *:* 7 12415/mtr This does not feel good. Allthough mtr is "suspended", a potential "attacker" can find out that mtr is up on the host. This has security implications. I have not checked whether mtr acctually processes anything that is sent to it during this "paused" period. Btw - has #156378 "mtr busy-waits when paused" been closed? It seems to be open (reportbug shows it, but bugs.debian.org/156378 doesn't). *t -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.18-4-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages mtr depends on: ii libatk1.0-0 1.12.4-3 The ATK accessibility toolkit ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii libglib2.0-0 2.12.4-2 The GLib library of C routines hi libgtk2.0-0 2.8.20-7 The GTK+ graphical user interface ii libncurses5 5.5-5 Shared libraries for terminal hand hi libpango1.0-0 1.14.8-5 Layout and rendering of internatio mtr recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
