[Bug 200185] if_tap: Deprecate net.link.tap.user_open sysctl

bugzilla-noreply at freebsd.org
Mon Oct 21 14:39:02 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200185

--- Comment #10 from commit-hook at freebsd.org ---
A commit references this bug:

Author: kevans
Date: Mon Oct 21 14:38:12 UTC 2019
New revision: 353798
URL: https://svnweb.freebsd.org/changeset/base/353798

Log:
  tuntap(4): restrict scope of net.link.tap.user_open slightly

  net.link.tap.user_open has historically allowed non-root users to do devfs
  cloning and open /dev/tap* nodes based on permissions. Loosen this up to
  make it only allow users to do devfs cloning -- we no longer check it in
  tunopen.

  This allows tap devices to be created that can actually be opened by a user,
  rather than swiftly restricting them to root because the magic sysctl has
  not been set.

  The sysctl has not yet been completely deprecated, because more thought is
  needed for how to handle the devfs cloning case. There is not an easy
  suitable replacement for the sysctl there, and more care needs to be placed
  in determining whether that's OK or not.

  PR:           200185

Changes:
  head/UPDATING
  head/sys/net/if_tuntap.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.
