tap(4) should go UP if opened
Frank Behrens
frank at pinky.sax.de
Wed Mar 14 13:29:44 UTC 2007
Bruce,

many thanks for your fast response.

Bruce M. Simpson <bms at FreeBSD.org> wrote on 14 Mar 2007 13:09:
> The conditional in the second patch is a no-op as the open will be
> forbidden if the user did not have privilege to open the tap. Bringing

No. A process running with root rights can always open the tap.

> the interface up by default potentially violates POLA, so this should
> not happen by default.

Ok, I see that the behaviour changes.
I wonder who used the "tap user open" sysctl, when additional root rights are necessary to
bring the interface UP? I can't imagine a setup where this could be used, somebody else?

> Please try the attached patch, which puts this behaviour under a sysctl.

Fine! This should work without problems. I agree with this solution, sounds good. I'll test it
and report the result.

Regards and thanks for your support,
Frank
--
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.