Date: Wed, 14 Mar 2007 14:29:48 +0100
From: "Frank Behrens" <frank@pinky.sax.de>
To: "Bruce M. Simpson" <bms@FreeBSD.org>
Cc: freebsd-net@FreeBSD.org
Subject: Re: tap(4) should go UP if opened
Message-ID: <200703141329.l2EDTfuJ089208@pinky.frank-behrens.de>
In-Reply-To: <45F7F405.4040607@FreeBSD.org>
References: <200703141213.l2ECDntN087975@pinky.frank-behrens.de>

Bruce,
many thanks for your fast response.

Bruce M. Simpson <bms@FreeBSD.org> wrote on 14 Mar 2007 13:09:
> The conditional in the second patch is a no-op as the open will be
> forbidden if the user did not have privilege to open the tap. Bringing

No. A process running with root rights can always open the tap.

> the interface up by default potentially violates POLA, so this should
> not happen by default.

Ok, I see that the behaviour changes. I wonder who used the "tap user open"
sysctl, when additional root rights are necessary to bring the interface UP?
I can't imagine a setup where this could be used, somebody else?

> Please try the attached patch, which puts this behaviour under a sysctl.

Fine! This should work without problems. I agree with this solution, sounds
good. I'll test it and report the result.

Regards and thanks for your support,
Frank
--
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.