From owner-freebsd-security Wed Aug 13 03:32:34 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id DAA09546 for security-outgoing; Wed, 13 Aug 1997 03:32:34 -0700 (PDT) Received: from gatekeeper.tsc.tdk.com (root@gatekeeper.tsc.tdk.com [207.113.159.21]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id DAA09538; Wed, 13 Aug 1997 03:32:28 -0700 (PDT) Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191]) by gatekeeper.tsc.tdk.com (8.8.4/8.8.4) with ESMTP id DAA28185; Wed, 13 Aug 1997 03:32:23 -0700 (PDT) Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194]) by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id DAA19153; Wed, 13 Aug 1997 03:32:22 -0700 (PDT) Received: (from gdonl@localhost) by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id DAA17410; Wed, 13 Aug 1997 03:32:20 -0700 (PDT) From: Don Lewis Message-Id: <199708131032.DAA17410@salsa.gv.tsc.tdk.com> Date: Wed, 13 Aug 1997 03:32:20 -0700 In-Reply-To: Cy Schubert "Re: procfs patch" (Aug 12, 7:12am) X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95) To: cy@uumail.gov.bc.ca, dg@root.com Subject: Re: procfs patch Cc: Sean Eric Fagan , current@FreeBSD.ORG, security@FreeBSD.ORG Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Aug 12, 7:12am, Cy Schubert wrote: } Subject: Re: procfs patch } All this patch does, in addition to allowing the "standard" access list } access, is allow KMEM_GROUP read access, so IMHO it's almost perfect. } Could this be controllable via sysctl, which would be used at boot time } with a one-line awk script to get kmem's gid and poke it into the kernel. I think it would be better as a mount option than a global variable. It sounds kind of icky, but mount_procfs could stat /dev/kmem to find the proper gid ... --- Truck