Module Name: src
Committed By: dyoung
Date: Fri Oct 28 16:42:52 UTC 2011
Modified Files:
src/sys/net: if_gif.c if_gre.c
Log Message:
Don't kauth-orize SIOCDIFPHYADDR, SIOCSIFFLAGS, SIOCSIFMTU, or
SIOCSLIFPHYADDR, in gif_ioctl() or in gre_ioctl(), because those
operations are ordinarily kauth-orized already in ifioctl().
Kauth-orizing SIOCSIFFLAGS in gre_ioctl() caused a panic ("panic:
bpf_detachd: ifpromisc failed: 1") when tcpdump(8) was interrupted.
Somehow bpf(4) enables promiscuous mode using different credentials than
it uses to disable promiscuous mode, hence the ifpromisc failure. This
may have something to do with privilege-separation in tcpdump(8). I.e.,
an LWP with SIOCSIFFLAGS privilege opens /dev/bpf, but an LWP without
SIOCSIFFLAGS privilege closes it.
To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.80 src/sys/net/if_gif.c
cvs rdiff -u -r1.147 -r1.148 src/sys/net/if_gre.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
