Hi,
I've read a little about the issue at:
http://groups.google.com/groups?hl=en&threadm=linux.kernel.Pine.LNX.4.31.0101240002380.29105-100000%40netcore.fi&rnum=4&prev=/groups%3Fq%3Dgflags%2Blinux%2Bnet%26hl%3Den
Apparently, some people think that it is an application problem, and
that the application should be fixed.
However, having two ways of putting the interface in promiscuous mode
(and one which is not reported) looks like a security bug to me.
An IDS host-based sensor might be monitoring the machine in order to alert
if the machine goes into promiscuous mode. This means that anyone might
voluntarily use PACKET_MR_PROMISC in order to bypass the sensor...
The attached patch should fix the problem, but I don't believe it's the
right way to fix it... Maybe the use of dev->gflags should be corrected?
Or am I missing something?
PS: please CC me as I'm not subscribed to the list.
--
Yoann Vandoorselaere
http://www.prelude-ids.org
promisc-set.patch
Description: Text document