Date: Fri, 20 Jan 2023 08:37:21 +0100 From: Alexander Leidinger <Alexander@leidinger.net> To: Alan Somers <asomers@freebsd.org> Cc: "Danilo G. Baio" <dbaio@freebsd.org>, dev-commits-src-all@freebsd.org Subject: Re: git: 2c24ad3377a6 - main - ifconfig: abort if loading a module fails other than for ENOENT Message-ID: <20230120083721.Horde.w2KDmblCBL6A2zxfE-TrZbB@webmail.leidinger.net> In-Reply-To: <CAOtMX2hv182P2HTAPkbYDZiwNxkV2-C%2BWp2%2BL0SpfDpqn2Zccw@mail.gmail.com> References: <202301091857.309Iv87L068285@gitrepo.freebsd.org> <2f4e4ccf-b19a-4f8f-a9e0-72298e500d7c@app.fastmail.com> <CAOtMX2hv182P2HTAPkbYDZiwNxkV2-C%2BWp2%2BL0SpfDpqn2Zccw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format and has been PGP signed. --=_KFNq1ig_f1GyIqzBxHmZVg6 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Quoting Alan Somers <asomers@freebsd.org> (from Thu, 19 Jan 2023=20=20 10:11:38=20-0700): > Ugh, it looks like kldload(2) is doing the privilege check before the > file existence check. I'm not sure of the best solution: > * Change kern_kldload to check for file existence first. This would > ring some alarm bells among security folks, and it isn't totally easy > to do, either. > * Change ifconfig(8) to do an existence check of its own. This=20=20 >=20would be ugly. > * Change ifconfig(8) so that it doesn't attempt to load modules when > just listing an interface. This might be incomplete, but is probably > worth doing anyway. Isn't this affecting all ifconfig operations in a _vnet_ jail, not=20=20 only=20listing an interface? Would it be sensible to revert the commit until there is a solution? From a quick look I have the impression it makes sense to set noload=20=20 to=20true in a jail (in that case ifmaybeload returns and the problem=20=20 should=20go away). Bye, Alexander. --=20 http://www.Leidinger.net=20Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_KFNq1ig_f1GyIqzBxHmZVg6 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIzBAABCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmPKRLAACgkQEg2wmwP4 2Ib3Jg/9FLJN2CnlKXnOFCLS4cyuU7INZVDbJDO9kT1p44jrfr/AWNfwXZhAVSY9 O6YGVHkgducA08tjHCJdg9ERfXPGXs0uve6WjcTEcBySBp8H1AvNHvxTS/2Ot/da 9qmeKOVDPgDEl3CEAB4jTlB/Khow7S8grF5iAYXD5jQw3QaVmydgj/RGh5/Eeliq zsZHxFxKjcxtF1m6+DO3OZcWaROhppoNJGasqMLHeP8VQuaX8KTs8VOIqGw6+hzX eNnd6+dt65pxuoQnjN3WXWoYgeBoJFVPdsMSc+OTij2QCM78tznURK4guw0C1VTP qNiFrZ9YPzRZq4SzVO3KEGmt80roYMzmo8ZIK80C/5WOddAJuXkbkH5NYiPhJkGX GvhAaXw6Pfhb9800wb7t2wVAx3H2f/R/FDzcg/8Me1vpRwcY4AGGRSUwt+sAxVV7 xBQHv3JrR5MgOsiKohqOFLO86XqrJpEjbXTqHCX9N0mlgguPIyLPL4EwLdewkFXN hqBfgs6pu9B1EAx1NflkDfMswmrwIcJDHXzvW4ZFKrIDSGNt4q8wkXI80IDurux1 +mXM++Mh7OD/2gIDajApN5mrb09Ei8D5PwItq47vgo0UpLJcHJPFeD7SvLEpqjGz TJrXjBOLVEbIO1NjsBTfay1UhJg5FgGG2VClXtwwK5y1Dg93jTM= =qXXz -----END PGP SIGNATURE----- --=_KFNq1ig_f1GyIqzBxHmZVg6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20230120083721.Horde.w2KDmblCBL6A2zxfE-TrZbB>