should looking at an interface with 'ifconfig' trigger a ?change ?

Oliver Fromme olli at
Fri Aug 8 13:18:51 UTC 2008

Andrew Thompson wrote:
 > Pete French wrote:
 > > > The bce driver is not properly generating link state events.
 > > 
 > > OK, that explains why it doesnt failover - but why does looking at it
 > > with ifconfig make a difference ? surely that should be 'read only ?
 > ifconfig will cause the media status to be read from the hardware at
 > which time the link change is generated as it is different to the stored
 > value.

Shouldn't that be considered a security flaw?  After all,
you can perform "ifconfig $IF" inside a jail to list the
interface configuration, but you're not allowed to make
any changes.

Given your description above, it means that it is possible
to modify the interface configuration (cause a failover)
from within a jail.  That's not good.  I think that needs
to be fixed, or at the very least it needs to be properly

Best regards

Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:

"I started using PostgreSQL around a month ago, and the feeling is
similar to the switch from Linux to FreeBSD in '96 -- 'wow!'."
        -- Oddbjorn Steffensen

More information about the freebsd-stable mailing list