Re: git: 2c24ad3377a6 - main - ifconfig: abort if loading a module fails other than for ENOENT
- Reply: Alan Somers : "Re: git: 2c24ad3377a6 - main - ifconfig: abort if loading a module fails other than for ENOENT"
- In reply to: Alan Somers : "Re: git: 2c24ad3377a6 - main - ifconfig: abort if loading a module fails other than for ENOENT"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 20 Jan 2023 07:37:21 UTC
Quoting Alan Somers <asomers@freebsd.org> (from Thu, 19 Jan 2023 10:11:38 -0700): > Ugh, it looks like kldload(2) is doing the privilege check before the > file existence check. I'm not sure of the best solution: > * Change kern_kldload to check for file existence first. This would > ring some alarm bells among security folks, and it isn't totally easy > to do, either. > * Change ifconfig(8) to do an existence check of its own. This > would be ugly. > * Change ifconfig(8) so that it doesn't attempt to load modules when > just listing an interface. This might be incomplete, but is probably > worth doing anyway. Isn't this affecting all ifconfig operations in a _vnet_ jail, not only listing an interface? Would it be sensible to revert the commit until there is a solution? From a quick look I have the impression it makes sense to set noload to true in a jail (in that case ifmaybeload returns and the problem should go away). Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF