should looking at an interface with 'ifconfig' trigger a change ?

Marian Hettwer mh at kernel32.de
Fri Aug 8 14:17:25 UTC 2008


Hi Oliver,

On Fri, 8 Aug 2008 15:18:36 +0200 (CEST), Oliver Fromme
<olli at lurza.secnetix.de> wrote:
> Andrew Thompson wrote:
>  > Pete French wrote:
>  > > > The bce driver is not properly generating link state events.
>  > >
>  > > OK, that explains why it doesn't failover - but why does looking at it
>  > > with ifconfig make a difference ? surely that should be 'read only' ?
>  >
>  > ifconfig will cause the media status to be read from the hardware at
>  > which time the link change is generated as it is different to the stored
>  > value.
> 
> Shouldn't that be considered a security flaw?  After all,
> you can perform "ifconfig $IF" inside a jail to list the
> interface configuration, but you're not allowed to make
> any changes.
> 
> Given your description above, it means that it is possible
> to modify the interface configuration (cause a failover)
> from within a jail.  That's not good.  I think that needs
> to be fixed, or at the very least it needs to be properly
> documented.
> 
And regarding documentation: it should be documented that lagg(4) won't
work very well with bce(4). If it's nowhere documented that bce and
failover with lagg don't work, some people might be screwed...

Just my 0,02 cents

./Marian



More information about the freebsd-stable mailing list