From owner-freebsd-current  Wed Jan 10  3:53:30 2001
Delivered-To: freebsd-current@freebsd.org
Received: from mimer.webgiro.com (unknown [213.162.128.50])
	by hub.freebsd.org (Postfix) with ESMTP id 1269337B402
	for <freebsd-current@freebsd.org>; Wed, 10 Jan 2001 03:53:13 -0800 (PST)
Received: by mimer.webgiro.com (Postfix, from userid 66)
	id DC6832DC0B; Wed, 10 Jan 2001 12:57:02 +0100 (CET)
Received: by mx.webgiro.com (Postfix, from userid 1001)
	id C875C781B; Wed, 10 Jan 2001 12:52:26 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by mx.webgiro.com (Postfix) with ESMTP
	id C18A510E1B; Wed, 10 Jan 2001 12:52:24 +0100 (CET)
Date: Wed, 10 Jan 2001 12:52:17 +0100 (CET)
From: Andrzej Bialecki <abial@webgiro.com>
To: Tomasz Paszkowski <ns88@k.pl>
Cc: freebsd-current@freebsd.org
Subject: Re: securelevel and sysctl
In-Reply-To: <20010110012948.A19896@genesis.k.pl>
Message-ID: <Pine.BSF.4.20.0101101248320.54435-100000@mx.webgiro.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 10 Jan 2001, Tomasz Paszkowski wrote:

> 
>  I'am working on module, which catches __sysctl system call, and on
>  securelevel grater than 3, refuse any changes of sysctl oids. Are there any

You might want to take a look at SPY module
(http://people.freebsd.org/~abial/spy).

>  problems, which might happen after blocking sysctl oids change ?
>  AFAIR there is no such application running in user Space,which requires
>  ability to change sysctl oids,is there ?

Several oids are changed on system startup. Others are accessed read-only
to provide system information.

>  Secondly I'was thinking about oids,which are needed for user space aplications
>  to work. I figured out,that vi use some (I didn't check which one) oid on
>  startup, so is there a list of oids used by user space applications ?

Well, it depends on what the user applications want to access, doesn't it
:-). Theoretically, this list could be all oids. Practically, it depends
on the user applications that are installed...

Andrzej Bialecki

//  <abial@webgiro.com> WebGiro AB, Sweden (http://www.webgiro.com)
// -------------------------------------------------------------------
// ------ FreeBSD: The Power to Serve. http://www.freebsd.org --------
// --- Small & Embedded FreeBSD: http://www.freebsd.org/~picobsd/ ----




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message