should looking at an interface with 'ifconfig' trigger a
?change ?
Oliver Fromme
olli at lurza.secnetix.de
Fri Aug 8 13:18:51 UTC 2008
Andrew Thompson wrote:
> Pete French wrote:
> > > The bce driver is not properly generating link state events.
> >
> > OK, that explains why it doesnt failover - but why does looking at it
> > with ifconfig make a difference ? surely that should be 'read only ?
>
> ifconfig will cause the media status to be read from the hardware at
> which time the link change is generated as it is different to the stored
> value.
Shouldn't that be considered a security flaw? After all,
you can perform "ifconfig $IF" inside a jail to list the
interface configuration, but you're not allowed to make
any changes.
Given your description above, it means that it is possible
to modify the interface configuration (cause a failover)
from within a jail. That's not good. I think that needs
to be fixed, or at the very least it needs to be properly
documented.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
"I started using PostgreSQL around a month ago, and the feeling is
similar to the switch from Linux to FreeBSD in '96 -- 'wow!'."
-- Oddbjorn Steffensen
More information about the freebsd-stable
mailing list