Re: git: 2c24ad3377a6 - main - ifconfig: abort if loading a module fails other than for ENOENT

From: Alan Somers <asomers_at_freebsd.org>
Date: Fri, 20 Jan 2023 17:15:39 UTC

On Fri, Jan 20, 2023 at 12:37 AM Alexander Leidinger
<Alexander@leidinger.net> wrote:
>
> Quoting Alan Somers <asomers@freebsd.org> (from Thu, 19 Jan 2023
> 10:11:38 -0700):
>
> > Ugh, it looks like kldload(2) is doing the privilege check before the
> > file existence check.  I'm not sure of the best solution:
> > * Change kern_kldload to check for file existence first.  This would
> > ring some alarm bells among security folks, and it isn't totally easy
> > to do, either.
> > * Change ifconfig(8) to do an existence check of its own.  This
> > would be ugly.
> > * Change ifconfig(8) so that it doesn't attempt to load modules when
> > just listing an interface.  This might be incomplete, but is probably
> > worth doing anyway.
>
> Isn't this affecting all ifconfig operations in a _vnet_ jail, not
> only listing an interface?
>
> Would it be sensible to revert the commit until there is a solution?
>
> From a quick look I have the impression it makes sense to set noload
> to true in a jail (in that case ifmaybeload returns and the problem
> should go away).

I think this is the best idea I've heard so far.  I'll prepare a change.