From owner-cvs-all@FreeBSD.ORG Wed Apr 13 16:03:49 2005 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9ECAA16A4CF; Wed, 13 Apr 2005 16:03:49 +0000 (GMT) Received: from cyrus.watson.org (cyrus.watson.org [204.156.12.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id 521C243D1F; Wed, 13 Apr 2005 16:03:49 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by cyrus.watson.org (Postfix) with ESMTP id 64B9246B8C; Wed, 13 Apr 2005 12:03:48 -0400 (EDT) Date: Wed, 13 Apr 2005 17:04:10 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: "Matthew N. Dodd" In-Reply-To: <200504130030.j3D0UJDN082846@repoman.freebsd.org> Message-ID: <20050413170217.P95037@fledge.watson.org> References: <200504130030.j3D0UJDN082846@repoman.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed cc: cvs-src@FreeBSD.org cc: src-committers@FreeBSD.org cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/share/man/man4 tap.4 src/sys/net if_tap.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Apr 2005 16:03:49 -0000 On Wed, 13 Apr 2005, Matthew N. Dodd wrote: > mdodd 2005-04-13 00:30:19 UTC > > FreeBSD src repository > > Modified files: > share/man/man4 tap.4 > sys/net if_tap.c > Log: > Provide a sysctl (net.link.tap.user_open) to allow unpriviliged > acces to tap(4) device nodes based on file system permission. > > Duplicate the 'debug.if_tap_debug' sysctl under the > 'net.link.tap' hierarchy. Is there any reason to require suser() at all for open, given that our devfs permissions are conservative? Maybe we should remove that suser() and add a couple for specific tapioctl() calls that are more sensitive? Robert N M Watson