"Jonathan A. Kollasch" writes: > Module Name: src > Committed By: jakllsch > Date: Thu Jan 5 02:38:51 UTC 2023 > > Modified Files: > src/sys/net: if_wg.c > > Log Message: > Check for authorization for SIOCSDRVSPEC and SIOCGDRVSPEC ioctls for wg(4). > > Addresses PR 57161.
might be nice to push this down for SIOCGDRVSPEC. it sure seems right for *set* operation, but perhaps for *get*, it can just elide the sensitive portion in the output ioctl (either make it empty or make it not present at all?) it doesn't seem too hard, just moving the check into wg_ioctl_get() for the problematic parts... the idea being to match "ifconfig" on eg, wifi, only showing the configured passwrds to root. thanks. .mrg.
