From owner-cvs-all  Fri Aug  3 10:13:27 2001
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id C6AB937B403; Fri,  3 Aug 2001 10:13:23 -0700 (PDT)
	(envelope-from rwatson@FreeBSD.org)
Received: (from rwatson@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f73HDNA44562;
	Fri, 3 Aug 2001 10:13:23 -0700 (PDT)
	(envelope-from rwatson)
Message-Id: <200108031713.f73HDNA44562@freefall.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Fri, 3 Aug 2001 10:13:23 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/fs/procfs procfs.h procfs_mem.c procfs_vnops.c
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

rwatson     2001/08/03 10:13:23 PDT

  Modified files:
    sys/fs/procfs        procfs.h procfs_mem.c procfs_vnops.c 
  Log:
  Prior to support for almost all ps activity via sysctl, ps used procfs,
  and so special-casing was introduced to provide extra procfs privilege
  to the kmem group.  With the advent of non-setgid kmem ps, this code
  is no longer required, and in fact, can is potentially harmful as it
  allocates privilege to a gid that is increasingly less meaningful.
  Knowledge of specific gid's in kernel is also generally bad precedent,
  as the kernel security policy doesn't distinguish gid's specifically,
  only uid 0.
  
  This commit removes reference to kmem in procfs, both in terms of
  access control decisions, and the applying of gid kmem to the
  /proc/*/mem file, simplifying the associated code considerably.
  Processes are still permitted to access the mem file based on
  the debugging policy, so ps -e still works fine for normal
  processes and use.
  
  Reviewed by:	tmm
  Obtained from:	TrustedBSD Project
  
  Revision  Changes    Path
  1.36      +1 -3      src/sys/fs/procfs/procfs.h
  1.53      +5 -35     src/sys/fs/procfs/procfs_mem.c
  1.100     +6 -7      src/sys/fs/procfs/procfs_vnops.c


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message