Date:      Sat, 9 Aug 2008 13:37:56 +0800 (WST)
From:      David Adam <zanchey@ucc.gu.uwa.edu.au>
To:        Oliver Fromme <olli@lurza.secnetix.de>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: should looking at an interface with 'ifconfig' trigger a ?change ?
Message-ID:  <alpine.DEB.1.10.0808091320490.3593@martello.ucc.gu.uwa.edu.au>
In-Reply-To: <200808081318.m78DIaXJ017555@lurza.secnetix.de>
References:  <200808081318.m78DIaXJ017555@lurza.secnetix.de>

On Fri, 8 Aug 2008, Oliver Fromme wrote:
> Andrew Thompson wrote:
>  > ifconfig will cause the media status to be read from the hardware at
>  > which time the link change is generated as it is different to the stored
>  > value.
> 
> Shouldn't that be considered a security flaw?  After all,
> you can perform "ifconfig $IF" inside a jail to list the
> interface configuration, but you're not allowed to make
> any changes.
> 
> Given your description above, it means that it is possible
> to modify the interface configuration (cause a failover)
> from within a jail.  That's not good.  I think that needs
> to be fixed, or at the very least it needs to be properly
> documented.

I can't see how this is a security flaw. The link is already down;
ifconfig is merely updating the OS' knowledge of the link status to be
closer to reality.

David Adam
zanchey@ucc.gu.uwa.edu.au



