From owner-freebsd-current@FreeBSD.ORG Thu Jan 15 20:46:21 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD84716A4CE; Thu, 15 Jan 2004 20:46:21 -0800 (PST) Received: from pandora.afflictions.org (asylum.afflictions.org [64.7.134.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3B1FC43D58; Thu, 15 Jan 2004 20:46:20 -0800 (PST) (envelope-from dgerow@afflictions.org) Received: from dementia.afflictions.org (dementia [172.16.0.56]) by pandora.afflictions.org (Postfix) with ESMTP id BC8C45BB3C; Fri, 16 Jan 2004 00:15:43 -0500 (EST) Received: by dementia.afflictions.org (Postfix, from userid 1001) id D6DF86D457; Thu, 15 Jan 2004 23:47:53 -0500 (EST) Date: Thu, 15 Jan 2004 23:47:53 -0500 From: Damian Gerow To: Robert Watson Message-ID: <20040116044753.GD26549@afflictions.org> References: <20040115213447.GA40114@afflictions.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Operating-System: FreeBSD 5.2-RC on a i386 X-GPG-Fingerprint: B3D7 D901 A53A 1A99 BFD6 E6DF 9F3B 742B C288 9CC9 User-Agent: Mutt/1.5.5.1i cc: current@freebsd.org Subject: Re: Problems with net/net-snmp on 5.2-RELEASE? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jan 2004 04:46:21 -0000 Thus spake Robert Watson (rwatson@freebsd.org) [15/01/04 19:10]: : > Whoops. Found the problem -- the default install of 5.2 doesn't appear : > to mount /proc by default. Mounted, problem (mostly) fixed. Still have : > some permission issues, but those I can handle. : : Hmm. Do you have any idea why the SNMP agent needs access to procfs? : We've been trying to deprecate use of procfs due to long-standing security : issues with the procfs approach (just look at the vulnerability lists for : FreeBSD, Linux, and Solaris to see why...) There are some services in : procfs not found using the other interfaces, but frequently applications : can get access to everything they need using either libkvm (which uses : sysctl()), or using ptrace(). The abort happens when polling for .1.3.6.1.4.1.2021.10.1.5.1 and .1.3.6.1.4.1.2021.10.1.5.2 -- ucdavis.laTable.laEntry.laLoadInt.1 and .2, respectively. I'm not sure why, exactly, as I haven't had the time to go into in-depth debugging. A quick attempt at running it through truss gives me this: newhost# truss -o snmpd.out snmpd -DALL -Lf snmpd.debug -f truss: truss: cannot open /proc/curproc/mem: No such file or directory cannot open /proc/13877/mem: No such file or directory newhost# Pulling out process checks from snmpd.conf doesn't change its behaviour, unsurprisingly. Anything else you'd like me to try? (And FWIW, no matter how I set the permissions, if snmpd isn't running as root, it fails on opening /dev/mem. I've currently got it set to 0660, and the user snmpd runs as is part of the kmem group (yeah yeah, I know...). For some reason, this Just Works on -STABLE, without the need to change permissions or group membership.) - Damian