Date: Tue, 14 Oct 2008 18:39:18 +0200 From: Max Laier <max@love2party.net> To: freebsd-current@freebsd.org Cc: Robert Watson <rwatson@freebsd.org> Subject: bpf does not check PRIV_NET_SETIFFLAGS to set promisc Message-ID: <200810141839.18466.max@love2party.net>
next in thread | raw e-mail | index | archive | help
Hi, replying to a question on the tcpdump ML, I just realized that we allow users who have permissions on bpf to bypass PRIV_NET_SETIFFLAGS for setting promiscuous mode. This certainly is not a security problem per se - as bpf access is a mighty permission on its own and shouldn't be given out to untrusted users ... so this is just an "is this intended?" type of thing. BTW, I strongly vote for keeping the possibility to use bpf (in promisc mode) for non-root users. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810141839.18466.max>