should looking at an interface with 'ifconfig' trigger a ?change ?

Andrew Thompson thompsa at
Sat Aug 9 06:23:46 UTC 2008

On Fri, Aug 08, 2008 at 03:18:36PM +0200, Oliver Fromme wrote:
> Andrew Thompson wrote:
>  > Pete French wrote:
>  > > > The bce driver is not properly generating link state events.
>  > > 
>  > > OK, that explains why it doesnt failover - but why does looking at it
>  > > with ifconfig make a difference ? surely that should be 'read only ?
>  > 
>  > ifconfig will cause the media status to be read from the hardware at
>  > which time the link change is generated as it is different to the stored
>  > value.
> Shouldn't that be considered a security flaw?  After all,
> you can perform "ifconfig $IF" inside a jail to list the
> interface configuration, but you're not allowed to make
> any changes.
> Given your description above, it means that it is possible
> to modify the interface configuration (cause a failover)
> from within a jail.  That's not good.  I think that needs
> to be fixed, or at the very least it needs to be properly
> documented.

I dont think its a security flaw, this is meant to happen automatically
after all. You cant make ifconfig change the link status within a jail,
just catch up on reality.


More information about the freebsd-stable mailing list