Folks, Why does the DLDIOC_MACADDRGET ioctl require the sys_dl_config privilege? Is this a bug? -Seb
On 04/09/09 07:02, Sebastien Roy wrote:> Folks, > > Why does the DLDIOC_MACADDRGET ioctl require the sys_dl_config > privilege? Is this a bug? >ifconfig as documented, when run by a noon privileged user, it is expected to not show the ether address. Kais> -Seb > > > _______________________________________________ > crossbow-discuss mailing list > crossbow-discuss at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/crossbow-discuss > >
On Thu, 2009-04-09 at 08:07 -0700, Kais Belgaied wrote:> On 04/09/09 07:02, Sebastien Roy wrote: > > Folks, > > > > Why does the DLDIOC_MACADDRGET ioctl require the sys_dl_config > > privilege? Is this a bug? > > > > ifconfig as documented, when run by a noon privileged user, it is > expected to not show the ether address.That''s an artifact of how DLPI works (implementation leaking through to the user interface). A long standing (and oft-requested) feature has been to have ifconfig display MAC addresses for all users, and more generally to provide non-privileged access to MAC addresses. I don''t see a reason why this ioctl needs to be a privileged operation. There''s nothing secret about MAC addresses. -Seb
Kais Belgaied writes:> On 04/09/09 07:02, Sebastien Roy wrote: > > Folks, > > > > Why does the DLDIOC_MACADDRGET ioctl require the sys_dl_config > > privilege? Is this a bug? > > > > ifconfig as documented, when run by a noon privileged user, it is > expected to not show the ether address.Isn''t that sort of broken behavior? The MAC addresses certainly aren''t "secrets" of any sort. We don''t try to hide "netstat -np". The reason it was like this was historical: getting the MAC address in ifconfig meant opening up the DLPI node and talking to the driver. As the drivers didn''t have discrete privileges for each operation, and you had to be almighty root to touch them, ''ifconfig'' didn''t show the MAC address when not privileged. In other words, I think we''re building grass landing strips and hoping the cargo planes will return. -- James Carlson, Solaris Networking <james.d.carlson at sun.com> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677