Date: Sun, 6 Aug 2000 19:14:59 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.ORG> To: vns@delta.odessa.ua Cc: freebsd-hackers@FreeBSD.ORG, security-officer@FreeBSD.ORG Subject: Re: vmware changes result in nasty bridging mess Message-ID: <Pine.NEB.3.96L.1000806190759.90634A-100000@fledge.watson.org> In-Reply-To: <200008032335.TAA01440@jupiter.delta.ny.us>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 3 Aug 2000, Vladimir N. Silyaev wrote:
> >Bridging on by default may
> >have nasty side effects for multi-interface machines (especially security
> >side effects).
> It's several ways to work around about that:
> - compile kernel without bridging support.
> - remove bridge starting code vmware.sh file in rc.d directory.
> - create special bridge cluster with one real interface and with one emulated
Actually, I was hoping that the vmware port wouldn't interfere with
existing configurations on the box :-). I compile in the BRIDGE code so
that I can test/develop with it, not so that ethernet support on the
notebook can be broken after I install the vmware port, or so that a port
can arbitrarily turn on bridging of all attached ethernet devices.
> >I haven't read the code (I admit) but I finding the
> >current behavior both (a) irritating (messages) and (b) worrying
> >(unpredicted bridging with potential side effects).
> I don't know I never seen such effect. Could you to do more testing
> about that.
The behavior with the wi0 ethernet driver seems to be continuous printing
of the output included in my previous message.
With the ep0 driver, the results are actually much worse -- I'm unable to
use networking at all while the bridging sysctl is enabled (the default).
While the sysctl is enabled, dhclient fails for that interface, and any
attempt to manually configure and use it results in a route not found.
When I disable the sysctl, networking begins to work on the box.
The following default-installed startup script is really, really scary:
sysctl net.link.ether.bridge_refresh && bridge="_bridge"
kldload if_tap.ko
echo -n >/compat/linux/dev/vmnet1
ifconfig vmnet1 $host_ip netmask $netmask
if [ _$bridge != _ ]; then
sysctl -w net.link.ether.bridge_refresh=1
sysctl -w net.link.ether.bridge=1
fi
Un-announced, the vmware port enabled bridging between the ethernet
interfaces on my notebook, generated voluminous output for wi0, and broke
networking for ep0. This is a security risk, in that it automatically
enables bridging between previously un-connected LAN segments that may
have different security properties. This is against POLA in that it
breaks functionality (networking), bridges packets unto unexpected
segments (potentially breaking many other things, especially DHCP), etc.
Previously, use of networking support would create a virtual network
between the host and the guest OS, but not affect other networking
functionality.
Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1000806190759.90634A-100000>