Bug 1561 - Check for up on open tap device
Summary: Check for up on open tap device
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 5.1p1
Hardware: Other FreeBSD
: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_5_6
  Show dependency treegraph
 
Reported: 2009-02-24 07:32 AEDT by Richard
Modified: 2010-08-27 10:28 AEST (History)
1 user (show)

See Also:

Attachments
check for open tun/tap device (826 bytes, patch)
2009-02-24 07:32 AEDT, Richard 		no flags Details | Diff
/home/djm/sshd-tun-iff_up.diff (698 bytes, patch)
2010-08-10 04:30 AEST, Damien Miller 		dtucker: ok+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Richard 2009-02-24 07:32:39 AEDT 
Created attachment 1606 [details]
check for open tun/tap device

Freebsd allows a non-root user to open a tap device (net.link.tap.user_open=1) at which point it can be marked up automatically (net.link.tap.up_on_open=1) so that root access is not required to get a functioning tap server side.

#ifdef SSH_TUN_FREEBSD version of sys_tun_open in openbsd-compat/port-tun.c dosen't allow for this.  It will successfully open a tap for non-root but will then attempt to IFF_UP which will fail.

Test if the interface is already marked up and leave alone if it is.

At this time, up on open is only available to tap devices.
Comment 1 Damien Miller 2010-08-10 04:30:12 AEST 
Created attachment 1911 [details]
/home/djm/sshd-tun-iff_up.diff

Unified diff format against current
Comment 2 Damien Miller 2010-08-10 04:30:55 AEST 
Comment on attachment 1911 [details]
/home/djm/sshd-tun-iff_up.diff

I think this can make release.
Comment 3 Damien Miller 2010-08-10 12:48:02 AEST 
Patch applied. This will be in OpenSSH 5.6, due soon.
Comment 4 Darren Tucker 2010-08-27 10:28:07 AEST 
With the release of OpenSSH 5.6p1 this bug is now considered closed.  If you have further problems please reopen or file a new bug as appropriate.