Date: Sun, 21 Jun 2020 04:58:03 +0200
From: Alfonso Siciliano
To: freebsd-hackers@freebsd.org
Subject: Re: An option to ignore sysctl CTLFLAG_ANYBODY

On Sat, 20 Jun 2020 19:38:12 +0000
Teran McKinney wrote:

> I have tried that and it does work. The problem is that even a
> simple read call like `sysctl hw.ncpu` will return an error for
> non-root users. Which, while not essential, would be nice to
> keep.

This new change to kern_sysctl.c should solve the problem:
https://github.com/freebsd/freebsd/blob/master/sys/kern/kern_sysctl.c#L2122

from

	/* Is this sysctl writable by only privileged users? */
	if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {

to

	/*
	 * Is this sysctl writable? Does it belong to the undocumented interface
	 * or sysctlinfo?
	 */
	if (req->newptr && !(SYSCTL_CHILDREN(&sysctl___sysctl) == oid->oid_parent)) {

Testing

% uname -K
1300093
% sysctl hw.ncpu
hw.ncpu: 1
% nsysctl -NatGv hw.snd.default_unit
hw.snd.default_unit: integer: RD WR RW ANYBODY TUN RDTUN RWTUN NOFETCH: 0
% sysctl hw.snd.default_unit
hw.snd.default_unit: 0
% sysctl hw.snd.default_unit=1
hw.snd.default_unit: 0
sysctl: hw.snd.default_unit=1: Operation not permitted

Alfonso

---
Alfonso S. Siciliano
http://alfix.gitlab.io
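
Review bot: the replacement condition no longer consults CTLFLAG_ANYBODY at all, so the privileged-write check now applies unconditionally to every OID whose parent is not sysctl___sysctl, whereas the thread subject asks for an option. Consider keeping the original `!(oid->oid_kind & CTLFLAG_ANYBODY)` test as the default and selecting the new test only when a tunable or kernel option is set, so that systems that do not opt in keep the current behaviour for ANYBODY nodes such as hw.snd.default_unit in the test output. Two smaller points on the same lines: `!(SYSCTL_CHILDREN(&sysctl___sysctl) == oid->oid_parent)` reads more directly with `!=`, and the new comment poses two questions without saying why children of sysctl___sysctl are exempt from the check; a sentence stating that reason would help the next reader of kern_sysctl.c.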