* [PATCH] ethtool: allow non-netadmin to query settings
@ 2010-08-23 20:24 Stephen Hemminger
2010-08-23 21:24 ` Ben Hutchings
2010-08-24 3:44 ` David Miller
0 siblings, 2 replies; 4+ messages in thread
From: Stephen Hemminger @ 2010-08-23 20:24 UTC (permalink / raw)
To: David Miller, Jeff Garzik; +Cc: netdev
The SNMP daemon uses ethtool to determine the speed of
network interfaces. This fails on Debian (and probably elsewhere)
because for security SNMP daemon runs as non-root user (snmp).
Note: A similar patch was rejected previously because of a concern about
the possibility that on some hardware querying the ethtool settings
requires access to the PHY and could slow the machine down. But the
security risk of requiring SNMP daemon (and related services)
to run as root far out weighs the risk of denial-of-service.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
--- a/net/core/ethtool.c 2010-08-22 11:45:34.680419224 -0700
+++ b/net/core/ethtool.c 2010-08-22 11:46:17.207548950 -0700
@@ -1423,6 +1423,7 @@ int dev_ethtool(struct net *net, struct
/* Allow some commands to be done by anyone */
switch (ethcmd) {
+ case ETHTOOL_GSET:
case ETHTOOL_GDRVINFO:
case ETHTOOL_GMSGLVL:
case ETHTOOL_GCOALESCE:
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] ethtool: allow non-netadmin to query settings
2010-08-23 20:24 [PATCH] ethtool: allow non-netadmin to query settings Stephen Hemminger
@ 2010-08-23 21:24 ` Ben Hutchings
2010-08-23 21:40 ` Stephen Hemminger
2010-08-24 3:44 ` David Miller
1 sibling, 1 reply; 4+ messages in thread
From: Ben Hutchings @ 2010-08-23 21:24 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: David Miller, Jeff Garzik, netdev
On Mon, 2010-08-23 at 13:24 -0700, Stephen Hemminger wrote:
> The SNMP daemon uses ethtool to determine the speed of
> network interfaces. This fails on Debian (and probably elsewhere)
> because for security SNMP daemon runs as non-root user (snmp).
>
> Note: A similar patch was rejected previously because of a concern about
> the possibility that on some hardware querying the ethtool settings
> requires access to the PHY and could slow the machine down. But the
> security risk of requiring SNMP daemon (and related services)
> to run as root far out weighs the risk of denial-of-service.
[...]
Speed and duplex are now exposed through world-readable attributes in
sysfs. Currently this is implemented by calling the ethtool
get_settings() operations but that could be improved on by adding speed
and duplex fields to struct net_device or by allowing drivers to
implement a cheaper operation that provides just this information.
Ben.
--
Ben Hutchings, Senior Software Engineer, Solarflare Communications
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] ethtool: allow non-netadmin to query settings
2010-08-23 21:24 ` Ben Hutchings
@ 2010-08-23 21:40 ` Stephen Hemminger
0 siblings, 0 replies; 4+ messages in thread
From: Stephen Hemminger @ 2010-08-23 21:40 UTC (permalink / raw)
To: Ben Hutchings; +Cc: David Miller, Jeff Garzik, netdev
On Mon, 23 Aug 2010 22:24:38 +0100
Ben Hutchings <bhutchings@solarflare.com> wrote:
> On Mon, 2010-08-23 at 13:24 -0700, Stephen Hemminger wrote:
> > The SNMP daemon uses ethtool to determine the speed of
> > network interfaces. This fails on Debian (and probably elsewhere)
> > because for security SNMP daemon runs as non-root user (snmp).
> >
> > Note: A similar patch was rejected previously because of a concern about
> > the possibility that on some hardware querying the ethtool settings
> > requires access to the PHY and could slow the machine down. But the
> > security risk of requiring SNMP daemon (and related services)
> > to run as root far out weighs the risk of denial-of-service.
> [...]
>
> Speed and duplex are now exposed through world-readable attributes in
> sysfs. Currently this is implemented by calling the ethtool
> get_settings() operations but that could be improved on by adding speed
> and duplex fields to struct net_device or by allowing drivers to
> implement a cheaper operation that provides just this information.
>
Changing daemon is possible, but changing every driver to do this
is not a practical option.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] ethtool: allow non-netadmin to query settings
2010-08-23 20:24 [PATCH] ethtool: allow non-netadmin to query settings Stephen Hemminger
2010-08-23 21:24 ` Ben Hutchings
@ 2010-08-24 3:44 ` David Miller
1 sibling, 0 replies; 4+ messages in thread
From: David Miller @ 2010-08-24 3:44 UTC (permalink / raw)
To: shemminger; +Cc: jgarzik, netdev
From: Stephen Hemminger <shemminger@vyatta.com>
Date: Mon, 23 Aug 2010 13:24:18 -0700
> The SNMP daemon uses ethtool to determine the speed of
> network interfaces. This fails on Debian (and probably elsewhere)
> because for security SNMP daemon runs as non-root user (snmp).
>
> Note: A similar patch was rejected previously because of a concern about
> the possibility that on some hardware querying the ethtool settings
> requires access to the PHY and could slow the machine down. But the
> security risk of requiring SNMP daemon (and related services)
> to run as root far out weighs the risk of denial-of-service.
>
> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Applied.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-08-24 3:44 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-23 20:24 [PATCH] ethtool: allow non-netadmin to query settings Stephen Hemminger
2010-08-23 21:24 ` Ben Hutchings
2010-08-23 21:40 ` Stephen Hemminger
2010-08-24 3:44 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).