From owner-freebsd-hackers Sun Aug 6 16:15:23 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 9169737BAB2; Sun, 6 Aug 2000 16:15:18 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id TAA90717; Sun, 6 Aug 2000 19:14:59 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Sun, 6 Aug 2000 19:14:59 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: vns@delta.odessa.ua Cc: freebsd-hackers@FreeBSD.ORG, security-officer@FreeBSD.ORG Subject: Re: vmware changes result in nasty bridging mess In-Reply-To: <200008032335.TAA01440@jupiter.delta.ny.us> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 3 Aug 2000, Vladimir N. Silyaev wrote: > >Bridging on by default may > >have nasty side effects for multi-interface machines (especially security > >side effects). > It's several ways to work around about that: > - compile kernel without bridging support. > - remove bridge starting code vmware.sh file in rc.d directory. > - create special bridge cluster with one real interface and with one emulated Actually, I was hoping that the vmware port wouldn't interfere with existing configurations on the box :-). I compile in the BRIDGE code so that I can test/develop with it, not so that ethernet support on the notebook can be broken after I install the vmware port, or so that a port can arbitrarily turn on bridging of all attached ethernet devices. > >I haven't read the code (I admit) but I finding the > >current behavior both (a) irritating (messages) and (b) worrying > >(unpredicted bridging with potential side effects). > I don't know I never seen such effect. Could you to do more testing > about that. The behavior with the wi0 ethernet driver seems to be continuous printing of the output included in my previous message. With the ep0 driver, the results are actually much worse -- I'm unable to use networking at all while the bridging sysctl is enabled (the default). While the sysctl is enabled, dhclient fails for that interface, and any attempt to manually configure and use it results in a route not found. When I disable the sysctl, networking begins to work on the box. The following default-installed startup script is really, really scary: sysctl net.link.ether.bridge_refresh && bridge="_bridge" kldload if_tap.ko echo -n >/compat/linux/dev/vmnet1 ifconfig vmnet1 $host_ip netmask $netmask if [ _$bridge != _ ]; then sysctl -w net.link.ether.bridge_refresh=1 sysctl -w net.link.ether.bridge=1 fi Un-announced, the vmware port enabled bridging between the ethernet interfaces on my notebook, generated voluminous output for wi0, and broke networking for ep0. This is a security risk, in that it automatically enables bridging between previously un-connected LAN segments that may have different security properties. This is against POLA in that it breaks functionality (networking), bridges packets unto unexpected segments (potentially breaking many other things, especially DHCP), etc. Previously, use of networking support would create a virtual network between the host and the guest OS, but not affect other networking functionality. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message