should looking at an interface with 'ifconfig' trigger a
?change ?
Andrew Thompson
thompsa at FreeBSD.org
Sat Aug 9 06:23:46 UTC 2008
On Fri, Aug 08, 2008 at 03:18:36PM +0200, Oliver Fromme wrote:
> Andrew Thompson wrote:
> > Pete French wrote:
> > > > The bce driver is not properly generating link state events.
> > >
> > > OK, that explains why it doesnt failover - but why does looking at it
> > > with ifconfig make a difference ? surely that should be 'read only ?
> >
> > ifconfig will cause the media status to be read from the hardware at
> > which time the link change is generated as it is different to the stored
> > value.
>
> Shouldn't that be considered a security flaw? After all,
> you can perform "ifconfig $IF" inside a jail to list the
> interface configuration, but you're not allowed to make
> any changes.
>
> Given your description above, it means that it is possible
> to modify the interface configuration (cause a failover)
> from within a jail. That's not good. I think that needs
> to be fixed, or at the very least it needs to be properly
> documented.
I dont think its a security flaw, this is meant to happen automatically
after all. You cant make ifconfig change the link status within a jail,
just catch up on reality.
Andrew
More information about the freebsd-stable
mailing list