Hi, replying to a question on the tcpdump ML, I just realized that we allow users who have permissions on bpf to bypass PRIV_NET_SETIFFLAGS for setting promiscuous mode. This certainly is not a security problem per se - as bpf access is a mighty permission on its own and shouldn't be given out to untrusted users ... so this is just an "is this intended?" type of thing. BTW, I strongly vote for keeping the possibility to use bpf (in promisc mode) for non-root users. -- /"\ Best regards, | mlaier_at_freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier_at_EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and NewsReceived on Tue Oct 14 2008 - 14:39:21 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:36 UTC