Re: should looking at an interface with 'ifconfig' trigger a change?

From: Oliver Fromme (ollilurza.secnetix.de)
Date: Fri Aug 08 2008 - 08:18:36 CDT


Andrew Thompson wrote:
> Pete French wrote:
> > > The bce driver is not properly generating link state events.
> >
> > OK, that explains why it doesn't failover - but why does looking at it
> > with ifconfig make a difference? Surely that should be 'read only'?
>
> ifconfig will cause the media status to be read from the hardware at
> which time the link change is generated as it is different to the stored
> value.

Shouldn't that be considered a security flaw? After all,
you can perform "ifconfig $IF" inside a jail to list the
interface configuration, but you're not allowed to make
any changes.

Given your description above, it means that it is possible
to modify the interface configuration (cause a failover)
from within a jail. That's not good. I think that needs
to be fixed, or at the very least it needs to be properly
documented.

Best regards
   Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"I started using PostgreSQL around a month ago, and the feeling is
similar to the switch from Linux to FreeBSD in '96 -- 'wow!'."
        -- Oddbjorn Steffensen
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"