From owner-freebsd-current@FreeBSD.ORG  Tue Oct 14 16:39:21 2008
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 08985106568B
	for <freebsd-current@freebsd.org>; Tue, 14 Oct 2008 16:39:21 +0000 (UTC)
	(envelope-from max@love2party.net)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.171])
	by mx1.freebsd.org (Postfix) with ESMTP id 8C2C08FC1E
	for <freebsd-current@freebsd.org>; Tue, 14 Oct 2008 16:39:20 +0000 (UTC)
	(envelope-from max@love2party.net)
Received: from vampire.homelinux.org (dslb-088-066-016-013.pools.arcor-ip.net
	[88.66.16.13])
	by mrelayeu.kundenserver.de (node=mrelayeu5) with ESMTP (Nemesis)
	id 0ML25U-1KpmvX0d9m-0000za; Tue, 14 Oct 2008 18:39:19 +0200
Received: (qmail 1448 invoked from network); 14 Oct 2008 16:39:18 -0000
Received: from fbsd8.laiers.local (192.168.4.151)
	by mx.laiers.local with SMTP; 14 Oct 2008 16:39:18 -0000
From: Max Laier <max@love2party.net>
Organization: FreeBSD
To: freebsd-current@freebsd.org
Date: Tue, 14 Oct 2008 18:39:18 +0200
User-Agent: KMail/1.10.1 (FreeBSD/8.0-CURRENT; KDE/4.1.1; i386; ; )
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200810141839.18466.max@love2party.net>
X-Provags-ID: V01U2FsdGVkX1+bEnnMU5WRYghbRgf6Db5LUjHKH63eA+K3yKJ
	nG/o/QN+xMYAe/mC48VLzg9QeLYV3Z3Clbtn1ArD2ml68GK711
	2oA10Nxn+SSRW4DSckiaQ==
Cc: Robert Watson <rwatson@freebsd.org>
Subject: bpf does not check PRIV_NET_SETIFFLAGS to set promisc
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Oct 2008 16:39:21 -0000

Hi,

replying to a question on the tcpdump ML, I just realized that we allow users 
who have permissions on bpf to bypass PRIV_NET_SETIFFLAGS for setting 
promiscuous mode.  This certainly is not a security problem per se - as bpf 
access is a mighty permission on its own and shouldn't be given out to 
untrusted users ... so this is just an "is this intended?" type of thing.

BTW, I strongly vote for keeping the possibility to use bpf (in promisc mode) 
for non-root users.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News