Date: Tue, 9 Jul 2002 17:12:30 -0700 (PDT) From: Andrew Valencia <vandys@zendo.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/40394: if_tap driver hard coded permission check Message-ID: <200207100012.g6A0CU0p078007@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 40394 >Category: kern >Synopsis: if_tap driver hard coded permission check >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jul 09 17:20:01 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Andrew Valencia >Release: 4.5-RELEASE >Organization: Trapeze Networks >Environment: FreeBSD andy-pc.trpz.com 4.5-RELEASE FreeBSD 4.5-RELEASE #2: Wed Jun 5 16:52:45 PDT 2002 vandys@andy-pc.trpz.com:/usr/src/sys/compile/VANDYS i386 >Description: net/if_tap.c has a hard-coded check in tapopen() for suser(). Since this node corresponds to a /dev entry with perfectly a perfectly good permission system, why not leave off the hard-coded check so I can do things like create a "netdev" group whose members are allowed to do I/O to the tap interface. >How-To-Repeat: Configure tap interfaces in your kernel. Chmod /dev/tap0 to something writable by a mere mortal. Try to open it. Permission denied. >Fix: Remove the hard-coded check in the front of tapopen(). >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207100012.g6A0CU0p078007>