Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 7 Dec 2001 10:05:53 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 7 Dec 2001 10:05:34 -0500 Received: from ALyon-202-1-2-226.abo.wanadoo.fr ([217.128.85.226]:61659 "EHLO alph") by vger.kernel.org with ESMTP id ; Fri, 7 Dec 2001 10:05:22 -0500 Subject: PACKET_MR_PROMISC doesn't set IFF_PROMISC From: Yoann Vandoorselaere To: linux-kernel@vger.kernel.org Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-G+V8Qw0biXf68Wsvq91V" X-Mailer: Evolution/1.0 (Preview Release) Date: 07 Dec 2001 16:06:04 +0100 Message-Id: <1007737564.21312.22.camel@alph> Mime-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org --=-G+V8Qw0biXf68Wsvq91V Content-Type: multipart/mixed; boundary="=-gP7ezkmTls9cXJRZzzky" --=-gP7ezkmTls9cXJRZzzky Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi, I've read a little about the issue at : http://groups.google.com/groups?hl=3Den&threadm=3Dlinux.kernel.Pine.LNX.4.3= 1.0101240002380.29105-100000%40netcore.fi&rnum=3D4&prev=3D/groups%3Fq%3Dgfl= ags%2Blinux%2Bnet%26hl%3Den Apparently, some people think that it is an application problem, and that the application should be fixed. However, having two way of putting the interface in promiscuous mode (and one which is not reported) look like a security bug to me. IDS host based sensor might be monitoring the machine in order to alert if the machine goes into promiscuous mode. This mean that anyone might volontarily use PACKET_MR_PROMISC in order to bypass the sensor...=20 The attached patch should fix the problem, but I don't believe it's the right way to fix it... Maybe the use of dev->gflags should be corrected ? or am I missing something ? --=20 Yoann Vandoorselaere http://www.prelude-ids.org --=-gP7ezkmTls9cXJRZzzky Content-Description: Content-Disposition: inline; filename=promisc-set.patch Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable --- net/core/dev.c.orig Thu Dec 6 12:53:21 2001 +++ net/core/dev.c Thu Dec 6 12:54:22 2001 @@ -2082,7 +2082,7 @@ static int dev_ifsioc(struct ifreq *ifr, switch(cmd)=20 { case SIOCGIFFLAGS: /* Get interface flags */ - ifr->ifr_flags =3D (dev->flags&~(IFF_PROMISC|IFF_ALLMULTI|IFF_RUNNING)) + ifr->ifr_flags =3D (dev->flags&~(IFF_ALLMULTI|IFF_RUNNING)) |(dev->gflags&(IFF_PROMISC|IFF_ALLMULTI)); if (netif_running(dev) && netif_carrier_ok(dev)) ifr->ifr_flags |=3D IFF_RUNNING; --=-gP7ezkmTls9cXJRZzzky-- --=-G+V8Qw0biXf68Wsvq91V Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8ENrc4tfUv0C+vv8RAgo7AJ977RP/sME3O9s42E8RlIF1Mh1GoACfcLBK 7+0bh3RnnIZMtfREAoA1SRU= =Mu/H -----END PGP SIGNATURE----- --=-G+V8Qw0biXf68Wsvq91V-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/