PACKET_MR_PROMISC doesn't set IFF_PROMISC

From: Yoann Vandoorselaere (yoann@mandrakesoft.com)
Date: Fri Dec 07 2001 - 10:06:04 EST


Hi,

I've read a little about the issue at:
http://groups.google.com/groups?hl=en&threadm=linux.kernel.Pine.LNX.4.31.0101240002380.29105-100000%40netcore.fi&rnum=4&prev=/groups%3Fq%3Dgflags%2Blinux%2Bnet%26hl%3Den

Apparently, some people think that it is an application problem, and
that the application should be fixed.

However, having two ways of putting the interface in promiscuous mode
(and one which is not reported) looks like a security bug to me.

An IDS host-based sensor might be monitoring the machine in order to alert
if the machine goes into promiscuous mode. This means that anyone might
voluntarily use PACKET_MR_PROMISC in order to bypass the sensor...

The attached patch should fix the problem, but I don't believe it's the
right way to fix it... Maybe the use of dev->gflags should be corrected?
Or am I missing something?

-- 
Yoann Vandoorselaere
http://www.prelude-ids.org

--- net/core/dev.c.orig Thu Dec 6 12:53:21 2001 +++ net/core/dev.c Thu Dec 6 12:54:22 2001 @@ -2082,7 +2082,7 @@ static int dev_ifsioc(struct ifreq *ifr, switch(cmd) { case SIOCGIFFLAGS: /* Get interface flags */ - ifr->ifr_flags = (dev->flags&~(IFF_PROMISC|IFF_ALLMULTI|IFF_RUNNING)) + ifr->ifr_flags = (dev->flags&~(IFF_ALLMULTI|IFF_RUNNING)) |(dev->gflags&(IFF_PROMISC|IFF_ALLMULTI)); if (netif_running(dev) && netif_carrier_ok(dev)) ifr->ifr_flags |= IFF_RUNNING;
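Review bot: In the SIOCGIFFLAGS case, IFF_ALLMULTI is still masked out of dev->flags and reported only from dev->gflags, so the same unreported state remains for all-multicast mode; if the goal is that SIOCGIFFLAGS reflects the real device state, both bits should be handled the same way, or the difference should be explained. The expression now reports IFF_PROMISC when it is set in either dev->flags or dev->gflags, which is worth a comment above the assignment stating what each field holds and why they are combined. Please also confirm what happens when a caller reads these flags and writes the same value back with SIOCSIFFLAGS, since IFF_PROMISC will now be present in the value it read even when it never asked for promiscuous mode itself.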





This archive was generated by hypermail 2b29 : Fri Dec 07 2001 - 21:00:39 EST