should looking at an interface with 'ifconfig' trigger a change ?

Andrew Thompson thompsa at FreeBSD.org
Sat Aug 9 06:20:55 UTC 2008


On Fri, Aug 08, 2008 at 04:00:56PM +0200, Marian Hettwer wrote:
> Hi Oliver,
> 
> On Fri, 8 Aug 2008 15:18:36 +0200 (CEST), Oliver Fromme
> > 
> > Shouldn't that be considered a security flaw?  After all,
> > you can perform "ifconfig $IF" inside a jail to list the
> > interface configuration, but you're not allowed to make
> > any changes.
> > 
> > Given your description above, it means that it is possible
> > to modify the interface configuration (cause a failover)
> > from within a jail.  That's not good.  I think that needs
> > to be fixed, or at the very least it needs to be properly
> > documented.
> > 
> And regarding documentation. It should be documented, that lagg(4) won't
> work very well with bce(4). If it's nowhere documented that bce and
> failover with lagg doesn't work, some people might be screwed...

I guess so, although bce will not be the only one. Also spanning tree,
carp and dhclient use link state events too, possibly others.


Andrew


More information about the freebsd-stable mailing list