From owner-freebsd-security@FreeBSD.ORG Sat Aug 9 06:23:45 2008 Return-Path: Delivered-To: freebsd-security@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EA0A11065684; Sat, 9 Aug 2008 06:23:45 +0000 (UTC) (envelope-from thompsa@FreeBSD.org) Received: from pele.citylink.co.nz (pele.citylink.co.nz [202.8.44.226]) by mx1.freebsd.org (Postfix) with ESMTP id A68188FC1C; Sat, 9 Aug 2008 06:23:45 +0000 (UTC) (envelope-from thompsa@FreeBSD.org) Received: from localhost (localhost [127.0.0.1]) by pele.citylink.co.nz (Postfix) with ESMTP id 144152BD18; Sat, 9 Aug 2008 18:01:31 +1200 (NZST) X-Virus-Scanned: Debian amavisd-new at citylink.co.nz Received: from pele.citylink.co.nz ([127.0.0.1]) by localhost (pele.citylink.co.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1PJkLwBnRsNj; Sat, 9 Aug 2008 18:01:27 +1200 (NZST) Received: from citylink.fud.org.nz (unknown [202.8.44.45]) by pele.citylink.co.nz (Postfix) with ESMTP; Sat, 9 Aug 2008 18:01:27 +1200 (NZST) Received: by citylink.fud.org.nz (Postfix, from userid 1001) id 141DA1142A; Sat, 9 Aug 2008 18:01:27 +1200 (NZST) Date: Fri, 8 Aug 2008 23:01:26 -0700 From: Andrew Thompson To: freebsd-stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Message-ID: <20080809060126.GB95107@citylink.fud.org.nz> References: <20080807173525.GB37969@citylink.fud.org.nz> <200808081318.m78DIaXJ017555@lurza.secnetix.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200808081318.m78DIaXJ017555@lurza.secnetix.de> User-Agent: Mutt/1.5.17 (2007-11-01) X-Mailman-Approved-At: Sat, 09 Aug 2008 13:34:04 +0000 Cc: Subject: Re: should looking at an interface with 'ifconfig' trigger a ?change ? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Aug 2008 06:23:46 -0000 On Fri, Aug 08, 2008 at 03:18:36PM +0200, Oliver Fromme wrote: > Andrew Thompson wrote: > > Pete French wrote: > > > > The bce driver is not properly generating link state events. > > > > > > OK, that explains why it doesnt failover - but why does looking at it > > > with ifconfig make a difference ? surely that should be 'read only ? > > > > ifconfig will cause the media status to be read from the hardware at > > which time the link change is generated as it is different to the stored > > value. > > Shouldn't that be considered a security flaw? After all, > you can perform "ifconfig $IF" inside a jail to list the > interface configuration, but you're not allowed to make > any changes. > > Given your description above, it means that it is possible > to modify the interface configuration (cause a failover) > from within a jail. That's not good. I think that needs > to be fixed, or at the very least it needs to be properly > documented. I dont think its a security flaw, this is meant to happen automatically after all. You cant make ifconfig change the link status within a jail, just catch up on reality. Andrew