Date:      Fri, 20 Jan 2023 10:15:39 -0700
From:      Alan Somers <asomers@freebsd.org>
To:        Alexander Leidinger <Alexander@leidinger.net>
Cc:        "Danilo G. Baio" <dbaio@freebsd.org>, dev-commits-src-all@freebsd.org
Subject:   Re: git: 2c24ad3377a6 - main - ifconfig: abort if loading a module fails other than for ENOENT
Message-ID:  <CAOtMX2gwUg1SZXWSWtmBmL=fzt3-3bkWMA1%2BiuyZYh%2BCAh3dUA@mail.gmail.com>
In-Reply-To: <20230120083721.Horde.w2KDmblCBL6A2zxfE-TrZbB@webmail.leidinger.net>
References:  <202301091857.309Iv87L068285@gitrepo.freebsd.org> <2f4e4ccf-b19a-4f8f-a9e0-72298e500d7c@app.fastmail.com> <CAOtMX2hv182P2HTAPkbYDZiwNxkV2-C%2BWp2%2BL0SpfDpqn2Zccw@mail.gmail.com> <20230120083721.Horde.w2KDmblCBL6A2zxfE-TrZbB@webmail.leidinger.net>

On Fri, Jan 20, 2023 at 12:37 AM Alexander Leidinger
<Alexander@leidinger.net> wrote:
>
> Quoting Alan Somers <asomers@freebsd.org> (from Thu, 19 Jan 2023
> 10:11:38 -0700):
>
> > Ugh, it looks like kldload(2) is doing the privilege check before the
> > file existence check.  I'm not sure of the best solution:
> > * Change kern_kldload to check for file existence first.  This would
> > ring some alarm bells among security folks, and it isn't totally easy
> > to do, either.
> > * Change ifconfig(8) to do an existence check of its own.  This
> > would be ugly.
> > * Change ifconfig(8) so that it doesn't attempt to load modules when
> > just listing an interface.  This might be incomplete, but is probably
> > worth doing anyway.
>
> Isn't this affecting all ifconfig operations in a _vnet_ jail, not
> only listing an interface?
>
> Would it be sensible to revert the commit until there is a solution?
>
> From a quick look I have the impression it makes sense to set noload
> to true in a jail (in that case ifmaybeload returns and the problem
> should go away).

I think this is the best idea I've heard so far.  I'll prepare a change.
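
A small C model of the failure discussed in this thread, added here as an illustration: it is not ifconfig or kernel code. Every name in it (`struct caller`, `model_kldload`, `model_maybeload`, `noload_in_jail`) is hypothetical, and using `EPERM` as the privilege error is an assumption of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the caller; not FreeBSD kernel state. */
struct caller {
    bool may_load;  /* caller holds the privilege to load modules */
    bool jailed;    /* caller runs inside a jail */
};

/* Stand-in for kldload(2) with the ordering described in the thread:
 * privilege check first, file existence check second.
 * EPERM as the privilege error is an assumption of this model. */
static int model_kldload(const struct caller *c, bool module_exists)
{
    if (!c->may_load)
        return EPERM;
    if (!module_exists)
        return ENOENT;
    return 0;
}

enum outcome { OUTCOME_CONTINUE, OUTCOME_ABORT };

/* Policy from the commit subject: abort if loading fails for any
 * reason other than ENOENT. With noload set, no load is attempted. */
static enum outcome model_maybeload(const struct caller *c,
    bool module_exists, bool noload)
{
    int error;
    if (noload)
        return OUTCOME_CONTINUE;
    error = model_kldload(c, module_exists);
    return (error != 0 && error != ENOENT) ? OUTCOME_ABORT : OUTCOME_CONTINUE;
}

/* The suggestion quoted above: treat noload as true inside a jail. */
static bool noload_in_jail(const struct caller *c, bool noload)
{
    return noload || c->jailed;
}

int main(void)
{
    struct caller jail = { .may_load = false, .jailed = true };
    printf("before: %d\n", model_maybeload(&jail, false, false));
    printf("after:  %d\n", model_maybeload(&jail, false, noload_in_jail(&jail, false)));
    return 0;
}
```

Because the privilege check runs first, the jailed caller never sees `ENOENT` for a missing module, so the "abort unless ENOENT" policy fires until the load attempt is skipped.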
