From nobody@FreeBSD.org  Tue Jul  9 17:12:30 2002
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DE0DF37B400
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  9 Jul 2002 17:12:30 -0700 (PDT)
Received: from www.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A685043E31
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  9 Jul 2002 17:12:30 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.4/8.12.4) with ESMTP id g6A0CUOT078008
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 9 Jul 2002 17:12:30 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.4/8.12.4/Submit) id g6A0CU0p078007;
	Tue, 9 Jul 2002 17:12:30 -0700 (PDT)
Message-Id: <200207100012.g6A0CU0p078007@www.freebsd.org>
Date: Tue, 9 Jul 2002 17:12:30 -0700 (PDT)
From: Andrew Valencia <vandys@zendo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: if_tap driver hard coded permission check
X-Send-Pr-Version: www-1.0

>Number:         40394
>Category:       kern
>Synopsis:       [if_tap] if_tap(4) driver hard coded permission check
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 09 17:20:01 PDT 2002
>Closed-Date:    Sat Sep 23 20:51:17 GMT 2006
>Last-Modified:  Sat Sep 23 20:51:17 GMT 2006
>Originator:     Andrew Valencia
>Release:        4.5-RELEASE
>Organization:
Trapeze Networks
>Environment:
FreeBSD andy-pc.trpz.com 4.5-RELEASE FreeBSD 4.5-RELEASE #2: Wed Jun  5 16:52:45 PDT 2002     vandys@andy-pc.trpz.com:/usr/src/sys/compile/VANDYS  i386
>Description:
      net/if_tap.c has a hard-coded check in tapopen() for suser().
Since this node corresponds to a /dev entry with perfectly a
perfectly good permission system, why not leave off the hard-coded
check so I can do things like create a "netdev" group whose members
are allowed to do I/O to the tap interface.
>How-To-Repeat:
Configure tap interfaces in your kernel.  Chmod /dev/tap0 to something
writable by a mere mortal.  Try to open it.  Permission denied.
>Fix:
Remove the hard-coded check in the front of tapopen().
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: bms 
State-Changed-When: Sat Sep 23 20:51:03 UTC 2006 
State-Changed-Why:  
fixed in rev 1.52 of if_tap.c 

http://www.freebsd.org/cgi/query-pr.cgi?pr=40394 
>Unformatted:
