[Bug 200185] [PATCH] Deprecation of sysctl variable net.link.tap.user_open: opening by user is based on node permissions, no need for this variable

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu May 14 02:58:14 UTC 2015


            Bug ID: 200185
           Summary: [PATCH] Deprecation of sysctl variable
                    net.link.tap.user_open: opening by user is based on
                    node permissions, no need for this variable
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: yuri at rawbw.com
          Keywords: patch

Created attachment 156767
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=156767&action=edit

net.link.tap.user_open does two thing:
* prevents non-root users to open /dev/tapN
* prevents non-root users to clone /dev/tapN

The first function is performed by the node permissions, as set by the admin.
There is no need for this additional way to limit users to open devices.

The second function refers to the legacy cloning process. When some process
attempts to open the non-existent device, devfs tries to call 'clone' functions
of all available modules to see if they can auto-create such device. 'tapclone'
is the relevant function in 'tap' module.

There is another sysctl variable net.link.tap.devfs_cloning, that currently
allows/disallows cloning for everybody, and then net.link.tap.user_open checks
for PRIV_NET_IFCREATE when set.

The new behavior is that net.link.tap.devfs_cloning also checks credentials
based on PRIV_NET_IFCREATE, like this is currently for tunN.

Practically speaking, net.link.tap.user_open is always in the way of every user
process which needs to use /dev/tapN, while such limitation is not necessary at
all. Ex. user being in the 'network' group should be entirely sufficient. Admin
should set these permissions.

Also, I doubt that PRIV_NET_IFCREATE even works properly, because I wasn't able
to clone /dev/tapN even when my user is in wheel and network groups, and /dev
is owned by root:wheel and has 0777 mask. I still got 'Permission denied'.

I suggest to apply this patch to 11 (trunk) only, because it incurs an
interface change.

Also the following note should be added to the Change Log for 11.0:
* net.link.tap.user_open sysctl variable is deprecated. Opening of /dev/tapN is
now based on the node permissions and user credentials only. The meaning of
net.link.tap.devfs_cloning has changed: when set to non-zero it allows
/dev/tapN cloning to users with PRIV_NET_IFCREATE privilege.

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list