Date: Fri, 20 Jan 2023 10:15:39 -0700 From: Alan Somers <asomers@freebsd.org> To: Alexander Leidinger <Alexander@leidinger.net> Cc: "Danilo G. Baio" <dbaio@freebsd.org>, dev-commits-src-all@freebsd.org Subject: Re: git: 2c24ad3377a6 - main - ifconfig: abort if loading a module fails other than for ENOENT Message-ID: <CAOtMX2gwUg1SZXWSWtmBmL=fzt3-3bkWMA1%2BiuyZYh%2BCAh3dUA@mail.gmail.com> In-Reply-To: <20230120083721.Horde.w2KDmblCBL6A2zxfE-TrZbB@webmail.leidinger.net> References: <202301091857.309Iv87L068285@gitrepo.freebsd.org> <2f4e4ccf-b19a-4f8f-a9e0-72298e500d7c@app.fastmail.com> <CAOtMX2hv182P2HTAPkbYDZiwNxkV2-C%2BWp2%2BL0SpfDpqn2Zccw@mail.gmail.com> <20230120083721.Horde.w2KDmblCBL6A2zxfE-TrZbB@webmail.leidinger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 20, 2023 at 12:37 AM Alexander Leidinger <Alexander@leidinger.net> wrote: > > Quoting Alan Somers <asomers@freebsd.org> (from Thu, 19 Jan 2023 > 10:11:38 -0700): > > > Ugh, it looks like kldload(2) is doing the privilege check before the > > file existence check. I'm not sure of the best solution: > > * Change kern_kldload to check for file existence first. This would > > ring some alarm bells among security folks, and it isn't totally easy > > to do, either. > > * Change ifconfig(8) to do an existence check of its own. This > > would be ugly. > > * Change ifconfig(8) so that it doesn't attempt to load modules when > > just listing an interface. This might be incomplete, but is probably > > worth doing anyway. > > Isn't this affecting all ifconfig operations in a _vnet_ jail, not > only listing an interface? > > Would it be sensible to revert the commit until there is a solution? > > From a quick look I have the impression it makes sense to set noload > to true in a jail (in that case ifmaybeload returns and the problem > should go away). I think this is the best idea I've heard so far. I'll prepare a change.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOtMX2gwUg1SZXWSWtmBmL=fzt3-3bkWMA1%2BiuyZYh%2BCAh3dUA>