From owner-cvs-all  Mon Feb 12  8:26:29 2001
Delivered-To: cvs-all@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id AB39737B401; Mon, 12 Feb 2001 08:26:24 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.1/8.11.1) with SMTP id f1CGQ5h89902;
	Mon, 12 Feb 2001 11:26:05 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Mon, 12 Feb 2001 11:26:04 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: Peter Wemm <peter@netplex.com.au>
Cc: Warner Losh <imp@harmony.village.org>,
	Peter Pentchev <roam@orbitel.bg>,
	Dag-Erling Smorgrav <des@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/vm vm_zone.c vm_zone.h 
In-Reply-To: <200102121614.f1CGEhU51322@mobile.wemm.org>
Message-ID: <Pine.NEB.3.96L.1010212112307.87908P-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Mon, 12 Feb 2001, Peter Wemm wrote:

> Warner Losh wrote:
> > In message <Pine.NEB.3.96L.1010122142028.19966D-100000@fledge.watson.org> Rob
>     ert Watson writes:
> > : appreciated.   (this will also make it easier for portable kernel
> > : monitoring tools to be written, and allow graphical monitoring tools to
> > : run with less privilege).
> > 
> > And generally make for a happier security officer team :-)
> 
> And an unhappier team of people dealing with kernel crashdumps. :-(
> 
> All this sysctl stuff is fine, but dont kill the crashdump reading code! 
> If -M or -N are specified then use the old way (and require root to be
> running it).  Without -M or -N, use sysctl. 

All patches submitted on the freebsd-audit mailing list to remove setgid
from top, systat, dmesg, etc, have maintained backwards compatibility by
using kmem when the -M or -N argument is provided, permitting them to
continue to work on system dumps -- and even on /dev/kmem, it just
requires that you run them as root now, since they won't be setgid kmem.
If you have a few minutes and want to verify that the new versions will
continue to work properly for you, and that you think they're implemented
right, the archives of -audit contain a number of relevant posts by Thomas
Moestl <tmoestl@gmx.net>.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message