Date: Tue, 1 Jun 1999 18:06:09 -0400 (EDT) From: Mikhail Teterin <mi@aldan.algebra.com> To: brian@Awfulhak.org (Brian Somers) Cc: mi@aldan.algebra.com, brian@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: kern/11981: access to tunN devices not allowed to non-root despite permissions Message-ID: <199906012206.SAA47055@misha.cisco.com> In-Reply-To: <199906012041.VAA09064@keep.lan.Awfulhak.org> from Brian Somers at "Jun 1, 1999 09:41:28 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Somers once wrote: > > The fact that it's pointless (as far as you or me can see today), > > does not mean it should not be possible. Currently, according to > > your mail, the driver performs the useless check. IMHO, it should > > not. > [.....] > I'd argue that removing the suser() check would potentially open > security holes. It's not worth the risk. Well, by this logic, the check must also be put into a number of other. places Disk devices come to mind... I do not mean to insist "out of principle", but it does seem like the additional check in the driver is redundant, and thus wrong... It already lead me to a confusion today when I was trying to ``ktrace ppp ...'': kdump was showing ENOPERM on _opening_ the tun devices... When and if the time comes for the non-root's ability to ifconfig some of the interfaces, the check will have to go anyway. Yours, -mi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906012206.SAA47055>