Date: Thu, 14 May 2015 02:58:13 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 200185] [PATCH] Deprecation of sysctl variable net.link.tap.user_open: opening by user is based on node permissions, no need for this variable Message-ID: <bug-200185-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200185 Bug ID: 200185 Summary: [PATCH] Deprecation of sysctl variable net.link.tap.user_open: opening by user is based on node permissions, no need for this variable Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: yuri@rawbw.com Keywords: patch Created attachment 156767 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=156767&action=edit patch net.link.tap.user_open does two thing: * prevents non-root users to open /dev/tapN * prevents non-root users to clone /dev/tapN The first function is performed by the node permissions, as set by the admin. There is no need for this additional way to limit users to open devices. The second function refers to the legacy cloning process. When some process attempts to open the non-existent device, devfs tries to call 'clone' functions of all available modules to see if they can auto-create such device. 'tapclone' is the relevant function in 'tap' module. There is another sysctl variable net.link.tap.devfs_cloning, that currently allows/disallows cloning for everybody, and then net.link.tap.user_open checks for PRIV_NET_IFCREATE when set. The new behavior is that net.link.tap.devfs_cloning also checks credentials based on PRIV_NET_IFCREATE, like this is currently for tunN. Practically speaking, net.link.tap.user_open is always in the way of every user process which needs to use /dev/tapN, while such limitation is not necessary at all. Ex. user being in the 'network' group should be entirely sufficient. Admin should set these permissions. Also, I doubt that PRIV_NET_IFCREATE even works properly, because I wasn't able to clone /dev/tapN even when my user is in wheel and network groups, and /dev is owned by root:wheel and has 0777 mask. I still got 'Permission denied'. I suggest to apply this patch to 11 (trunk) only, because it incurs an interface change. Also the following note should be added to the Change Log for 11.0: * net.link.tap.user_open sysctl variable is deprecated. Opening of /dev/tapN is now based on the node permissions and user credentials only. The meaning of net.link.tap.devfs_cloning has changed: when set to non-zero it allows /dev/tapN cloning to users with PRIV_NET_IFCREATE privilege. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-200185-8>