Date: Mon, 12 Feb 2001 08:57:55 -0800
From: Peter Wemm <peter@netplex.com.au>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: Warner Losh <imp@harmony.village.org>, Peter Pentchev <roam@orbitel.bg>, Dag-Erling Smorgrav <des@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/vm vm_zone.c vm_zone.h
Message-ID: <200102121657.f1CGvtU51868@mobile.wemm.org>
In-Reply-To: <200102121653.f1CGr5U51782@mobile.wemm.org>

Peter Wemm wrote:
> Robert Watson wrote:
> >
> > On Mon, 12 Feb 2001, Peter Wemm wrote:
> >
> > > Warner Losh wrote:
> > > > In message <Pine.NEB.3.96L.1010122142028.19966D-100000@fledge.watson.org>
> > > > Robert Watson writes:
> > > > : appreciated. (this will also make it easier for portable kernel
> > > > : monitoring tools to be written, and allow graphical monitoring tools to
> > > > : run with less privilege).
> > > >
> > > > And generally make for a happier security officer team :-)
> > >
> > > And an unhappier team of people dealing with kernel crashdumps. :-(
> > >
> > > All this sysctl stuff is fine, but don't kill the crashdump reading code!
> > > If -M or -N are specified then use the old way (and require root to be
> > > running it). Without -M or -N, use sysctl.
> >
> > All patches submitted on the freebsd-audit mailing list to remove setgid
> > from top, systat, dmesg, etc, have maintained backwards compatibility by
> > using kmem when the -M or -N argument is provided, permitting them to
> > continue to work on system dumps -- and even on /dev/kmem, it just
> > requires that you run them as root now, since they won't be setgid kmem.
> > If you have a few minutes and want to verify that the new versions will
> > continue to work properly for you, and that you think they're implemented
> > right, the archives of -audit contain a number of relevant posts by Thomas
> > Moestl <tmoestl@gmx.net>.
>
> netstat(1) is a high profile tool that got broken this way and is sorely
> missed here. At work we reverted the sysctl changes entirely for
> simplicity.
Specifically, this one:
revision 1.27
date: 1998/05/15 20:19:15; author: wollman; state: Exp; lines: +115 -62
mbuf, inet, and unix modules no longer read kvm.
Paul Saab has a version that restored this stuff specifically for crashdump
use. (which gets a *lot* of use)
Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5
