Re: should looking at an interface with 'ifconfig' trigger a change?



Andrew Thompson wrote:
Pete French wrote:
The bce driver is not properly generating link state events.

OK, that explains why it doesn't failover - but why does looking at it
with ifconfig make a difference? Surely that should be 'read only'?

ifconfig will cause the media status to be read from the hardware at
which time the link change is generated as it is different to the stored
value.

Shouldn't that be considered a security flaw? After all,
you can perform "ifconfig $IF" inside a jail to list the
interface configuration, but you're not allowed to make
any changes.

Given your description above, it means that it is possible
to modify the interface configuration (cause a failover)
from within a jail. That's not good. I think that needs
to be fixed, or at the very least it needs to be properly
documented.

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"I started using PostgreSQL around a month ago, and the feeling is
similar to the switch from Linux to FreeBSD in '96 -- 'wow!'."
-- Oddbjorn Steffensen
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
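
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not FreeBSD or bce driver source: a constructed C model in which a status query refreshes the stored link state and so delivers the link-state event itself, next to a query that only reports state kept current by the driver. All names (`struct nic`, `media_status_with_side_effect`, `driver_tick`, and so on) are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model; every name here is hypothetical. */
struct nic {
    bool hw_link;      /* what the hardware reports right now */
    bool stored_link;  /* last state the network stack was told about */
    int  events;       /* link-state events delivered (what failover reacts to) */
};

/* Deliver a link-state event only when the state really changed. */
static void link_event(struct nic *n, bool up) {
    if (n->stored_link != up) {
        n->stored_link = up;
        n->events++;
    }
}

/* As described in the thread: the query reads the hardware and raises the event. */
bool media_status_with_side_effect(struct nic *n) {
    link_event(n, n->hw_link);
    return n->stored_link;
}

/* Side-effect-free query: reports the stored state and changes nothing. */
bool media_status_read_only(const struct nic *n) {
    return n->stored_link;
}

/* Driver-owned path (interrupt or periodic tick) that keeps the state current. */
void driver_tick(struct nic *n) {
    link_event(n, n->hw_link);
}

/* Link drops, then one status query; returns the events caused by the query. */
int events_caused_by_query(bool driver_reports, bool query_has_side_effect) {
    struct nic n = { .hw_link = true, .stored_link = true, .events = 0 };
    n.hw_link = false;                      /* cable pulled */
    if (driver_reports) driver_tick(&n);    /* driver notices on its own */
    int before = n.events;
    (void)(query_has_side_effect ? media_status_with_side_effect(&n)
                                 : media_status_read_only(&n));
    return n.events - before;
}

int main(void) {
    printf("silent driver, side-effect query: %d event(s); reporting driver, read-only query: %d\n",
           events_caused_by_query(false, true), events_caused_by_query(true, false));
    return 0;
}
```

Only the combination of a driver that does not report the change and a query that refreshes state lets the reader of the status cause the event; once the driver reports link changes itself, the query has nothing left to trigger.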