From: David Adam
To: Oliver Fromme
Date: Sat, 9 Aug 2008 13:37:56 +0800 (WST)
In-Reply-To: <200808081318.m78DIaXJ017555@lurza.secnetix.de>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: should looking at an interface with 'ifconfig' trigger a ?change ?

On Fri, 8 Aug 2008, Oliver Fromme wrote:
> Andrew Thompson wrote:
> > ifconfig will cause the media status to be read from the hardware at
> > which time the link change is generated as it is different to the stored
> > value.
>
> Shouldn't that be considered a security flaw? After all,
> you can perform "ifconfig $IF" inside a jail to list the
> interface configuration, but you're not allowed to make
> any changes.
>
> Given your description above, it means that it is possible
> to modify the interface configuration (cause a failover)
> from within a jail. That's not good. I think that needs
> to be fixed, or at the very least it needs to be properly
> documented.

I can't see how this is a security flaw. The link is already down;
ifconfig is merely updating the OS' knowledge of the link status to be
closer to reality.

David Adam
zanchey@ucc.gu.uwa.edu.au