From owner-svn-src-all@freebsd.org Mon Oct 21 14:38:12 2019 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 95A06158F25; Mon, 21 Oct 2019 14:38:12 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46xfPw3Pg7z4LbM; Mon, 21 Oct 2019 14:38:12 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 53F5A25609; Mon, 21 Oct 2019 14:38:12 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x9LEcCt5040600; Mon, 21 Oct 2019 14:38:12 GMT (envelope-from kevans@FreeBSD.org) Received: (from kevans@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x9LEcB1v040599; Mon, 21 Oct 2019 14:38:11 GMT (envelope-from kevans@FreeBSD.org) Message-Id: <201910211438.x9LEcB1v040599@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kevans set sender to kevans@FreeBSD.org using -f From: Kyle Evans Date: Mon, 21 Oct 2019 14:38:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r353798 - in head: . sys/net X-SVN-Group: head X-SVN-Commit-Author: kevans X-SVN-Commit-Paths: in head: . sys/net X-SVN-Commit-Revision: 353798 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Oct 2019 14:38:12 -0000 Author: kevans Date: Mon Oct 21 14:38:11 2019 New Revision: 353798 URL: https://svnweb.freebsd.org/changeset/base/353798 Log: tuntap(4): restrict scope of net.link.tap.user_open slightly net.link.tap.user_open has historically allowed non-root users to do devfs cloning and open /dev/tap* nodes based on permissions. Loosen this up to make it only allow users to do devfs cloning -- we no longer check it in tunopen. This allows tap devices to be created that can actually be opened by a user, rather than swiftly restricting them to root because the magic sysctl has not been set. The sysctl has not yet been completely deprecated, because more thought is needed for how to handle the devfs cloning case. There is not an easy suitable replacement for the sysctl there, and more care needs to be placed in determining whether that's OK or not. PR: 200185 Modified: head/UPDATING head/sys/net/if_tuntap.c Modified: head/UPDATING ============================================================================== --- head/UPDATING Mon Oct 21 14:34:40 2019 (r353797) +++ head/UPDATING Mon Oct 21 14:38:11 2019 (r353798) @@ -26,6 +26,15 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20191021: + The net.link.tap.user_open sysctl no longer prevents user opening of + already created /dev/tapNN devices. Access is still controlled by + node permissions, just like tun devices. The net.link.tap.user_open + sysctl is now used only to allow users to perform devfs cloning of + tap devices, and the subsequent open may not succeed if the user is not + in the appropriate group. This sysctl may be deprecated/removed + completely in the future. + 20191009: mips, powerpc, and sparc64 are no longer built as part of universe / tinderbox unless MAKE_OBSOLETE_GCC is defined. If Modified: head/sys/net/if_tuntap.c ============================================================================== --- head/sys/net/if_tuntap.c Mon Oct 21 14:34:40 2019 (r353797) +++ head/sys/net/if_tuntap.c Mon Oct 21 14:38:11 2019 (r353798) @@ -181,7 +181,7 @@ static const char vmnetname[] = "vmnet"; static MALLOC_DEFINE(M_TUN, tunname, "Tunnel Interface"); static int tundebug = 0; static int tundclone = 1; -static int tap_allow_uopen = 0; /* allow user open() */ +static int tap_allow_uopen = 0; /* allow user devfs cloning */ static int tapuponopen = 0; /* IFF_UP on open() */ static int tapdclone = 1; /* enable devfs cloning */ @@ -202,7 +202,7 @@ SYSCTL_INT(_net_link_tun, OID_AUTO, devfs_cloning, CTL static SYSCTL_NODE(_net_link, OID_AUTO, tap, CTLFLAG_RW, 0, "Ethernet tunnel software network interface"); SYSCTL_INT(_net_link_tap, OID_AUTO, user_open, CTLFLAG_RW, &tap_allow_uopen, 0, - "Allow user to open /dev/tap (based on node permissions)"); + "Enable legacy devfs interface creation for all users"); SYSCTL_INT(_net_link_tap, OID_AUTO, up_on_open, CTLFLAG_RW, &tapuponopen, 0, "Bring interface up when /dev/tap is opened"); SYSCTL_INT(_net_link_tap, OID_AUTO, devfs_cloning, CTLFLAG_RWTUN, &tapdclone, 0, @@ -1047,17 +1047,6 @@ tunopen(struct cdev *dev, int flag, int mode, struct t if (error != 0) { CURVNET_RESTORE(); return (error); /* Shouldn't happen */ - } - - if ((tunflags & TUN_L2) != 0) { - /* Restrict? */ - if (tap_allow_uopen == 0) { - error = priv_check(td, PRIV_NET_TAP); - if (error != 0) { - CURVNET_RESTORE(); - return (error); - } - } } tp = dev->si_drv1;