From owner-freebsd-arch@FreeBSD.ORG Mon May 20 22:28:40 2013
Return-Path: 
Delivered-To: arch@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id DA06383E; Mon, 20 May 2013 22:28:40 +0000 (UTC) (envelope-from jilles@stack.nl)
Received: from mx1.stack.nl (unknown [IPv6:2001:610:1108:5012::107]) by mx1.freebsd.org (Postfix) with ESMTP id A4C9CA0A; Mon, 20 May 2013 22:28:40 +0000 (UTC)
Received: from snail.stack.nl (snail.stack.nl [IPv6:2001:610:1108:5010::131]) by mx1.stack.nl (Postfix) with ESMTP id 5F2AA1203B1; Tue, 21 May 2013 00:28:26 +0200 (CEST)
Received: by snail.stack.nl (Postfix, from userid 1677) id 3620A28493; Tue, 21 May 2013 00:28:26 +0200 (CEST)
Date: Tue, 21 May 2013 00:28:26 +0200
From: Jilles Tjoelker
To: John Baldwin
Subject: Re: Extending MADV_PROTECT
Message-ID: <20130520222825.GB43407@stack.nl>
References: <201305071433.27993.jhb@freebsd.org> <201305090814.52166.jhb@freebsd.org> <20130509123147.GT3047@kib.kiev.ua> <201305101535.50633.jhb@freebsd.org> <20130514192115.GA34869@stack.nl> <5192AE7C.10105@FreeBSD.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5192AE7C.10105@FreeBSD.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: Konstantin Belousov , arch@freebsd.org
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussion related to FreeBSD architecture
List-Unsubscribe: ,
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
X-List-Received-Date: Mon, 20 May 2013 22:28:40 -0000

On Tue, May 14, 2013 at 05:37:00PM -0400, John Baldwin wrote:
> On 5/14/13 3:21 PM, Jilles Tjoelker wrote:
> > All this is not very important for process protection because it
> > requires root privileges anyway but future procctl commands may well be
> > accessible to normal users (I'm thinking of avoiding proliferation of
> > pd* calls in particular).

> I originally used that approach in pprotect() since that is what ktrace
> uses. I did it this way in procctl() to err on the side of reporting
> errors vs not, but I can easily change it. This is something I wasn't
> sure of and very much appreciate feedback on.

> Do you have any thoughts on having this be more ioctl-like ("automatic"
> copyin/out and size encoded in cmd) vs ptrace-like (explicit sizes and
> in/out keyed off of command)?

If it is ioctl-like, it is possible to redirect ioctl() on a process
descriptor to procctl and use cap_ioctls_limit() infrastructure. I'm not
sure Capsicum people actually like that, though.

In either case, it is possible to have a P_PROCDESC to affect a process
by process descriptor. Capsicum may then need more CAP_*.

-- 
Jilles Tjoelker
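The two design points in the exchange above, an "ioctl-like" command word that carries its own direction and argument size so the dispatcher can do the copyin/copyout itself, and a per-descriptor command allow-list in the style of Capsicum's cap_ioctls_limit(2), can be shown together in a small user-space model. This is an added example, not code from the thread or from FreeBSD: the encoding macros copy the layout of FreeBSD's <sys/ioccom.h>, but the commands (PD_SPROTECT, PD_GSTATUS, PD_RESET), the 'p' group letter, the struct layouts and the pd_* functions are made up for the demonstration, and the "kernel" state is an ordinary struct rather than a real process.

```c
/* Added example (not from the thread): ioctl-style command words carry
 * direction and argument size, so one dispatcher can copy in/out by itself,
 * and an allow-list modelled on cap_ioctls_limit(2) can gate commands by
 * value alone. Command names, group letter and structs are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Same layout as FreeBSD <sys/ioccom.h>: 13-bit size in bits 16..28,
 * group in bits 8..15, number in bits 0..7, direction in the top bits. */
#define IOCPARM_MASK   0x1fff
#define IOCPARM_LEN(x) (((x) >> 16) & IOCPARM_MASK)
#define IOCGROUP(x)    (((x) >> 8) & 0xff)
#define IOC_VOID       0x20000000UL
#define IOC_OUT        0x40000000UL
#define IOC_IN         0x80000000UL
#define IOC_INOUT      (IOC_IN | IOC_OUT)
#define IOC_DIRMASK    (IOC_VOID | IOC_OUT | IOC_IN)
#define _IOC(inout, group, num, len) \
    ((unsigned long)((inout) | (((len) & IOCPARM_MASK) << 16) | ((group) << 8) | (num)))
#define _IO(g, n)      _IOC(IOC_VOID, (g), (n), 0)
#define _IOR(g, n, t)  _IOC(IOC_OUT, (g), (n), sizeof(t))
#define _IOW(g, n, t)  _IOC(IOC_IN, (g), (n), sizeof(t))

#ifndef ENOTCAPABLE
#define ENOTCAPABLE 93   /* FreeBSD's value; defined here so this builds elsewhere */
#endif

/* Hypothetical procctl-style commands on a process descriptor. */
struct pd_protect { int flags; };          /* PD_SPROTECT: copied in  */
struct pd_status  { int pid; int prot; };  /* PD_GSTATUS:  copied out */
#define PD_SPROTECT _IOW('p', 1, struct pd_protect)
#define PD_GSTATUS  _IOR('p', 2, struct pd_status)
#define PD_RESET    _IO('p', 3)

struct pd_proc { int pid; int prot; };     /* the "kernel" state acted on */

/* Per-descriptor allow-list: once limited, any cmd not listed fails with
 * ENOTCAPABLE, and a later call may only narrow the list, never widen it. */
#define PD_MAXCMDS 8
struct pdesc {
    struct pd_proc *p;
    int limited;
    size_t ncmds;
    unsigned long cmds[PD_MAXCMDS];
};

static int pd_cmd_allowed(const struct pdesc *pd, unsigned long cmd)
{
    if (!pd->limited) return 1;
    for (size_t i = 0; i < pd->ncmds; i++)
        if (pd->cmds[i] == cmd) return 1;
    return 0;
}

int pd_ioctls_limit(struct pdesc *pd, const unsigned long *cmds, size_t ncmds)
{
    if (ncmds > PD_MAXCMDS) return EINVAL;
    for (size_t i = 0; i < ncmds; i++)           /* refuse to add commands back */
        if (!pd_cmd_allowed(pd, cmds[i])) return ENOTCAPABLE;
    memcpy(pd->cmds, cmds, ncmds * sizeof(*cmds));
    pd->ncmds = ncmds;
    pd->limited = 1;
    return 0;
}

/* Generic dispatcher: the command word alone says whether and how many bytes
 * to copy in before the handler and out after it (the "ioctl-like" option). */
int pd_ioctl(struct pdesc *pd, unsigned long cmd, void *uarg)
{
    union { unsigned char raw[64]; struct pd_protect pr; struct pd_status st; } k;
    size_t len = IOCPARM_LEN(cmd);

    if (IOCGROUP(cmd) != 'p' || len > sizeof(k)) return EINVAL;
    if (!pd_cmd_allowed(pd, cmd)) return ENOTCAPABLE;
    memset(&k, 0, sizeof(k));                    /* out-only args start zeroed */
    if ((cmd & IOC_IN) && len) memcpy(&k, uarg, len);   /* copyin */
    switch (cmd) {
    case PD_SPROTECT: pd->p->prot = k.pr.flags; break;
    case PD_GSTATUS:  k.st.pid = pd->p->pid; k.st.prot = pd->p->prot; break;
    case PD_RESET:    pd->p->prot = 0; break;
    default:          return ENOTTY;
    }
    if ((cmd & IOC_OUT) && len) memcpy(uarg, &k, len);  /* copyout */
    return 0;
}

/* Scenario: an unlimited descriptor can do everything; after limiting it to
 * PD_GSTATUS the mutating commands fail, and re-widening is refused. */
int pd_demo(void)
{
    struct pd_proc proc = { .pid = 4242, .prot = 0 };   /* constructed sample */
    struct pdesc pd = { .p = &proc };
    struct pd_protect pr = { .flags = 1 };
    struct pd_status st;
    unsigned long ro[] = { PD_GSTATUS };
    unsigned long rw[] = { PD_GSTATUS, PD_SPROTECT };

    if (pd_ioctl(&pd, PD_SPROTECT, &pr) != 0) return -1;
    if (pd_ioctl(&pd, PD_GSTATUS, &st) != 0 || st.prot != 1) return -2;
    if (pd_ioctls_limit(&pd, ro, 1) != 0) return -3;
    if (pd_ioctl(&pd, PD_RESET, NULL) != ENOTCAPABLE) return -4;
    if (pd_ioctl(&pd, PD_GSTATUS, &st) != 0 || st.prot != 1) return -5;
    if (pd_ioctls_limit(&pd, rw, 2) != ENOTCAPABLE) return -6;
    return 0;
}
```

The point of the encoding is that the allow-list and the copy logic never need to know the command's semantics: cap_ioctls_limit()-style filtering compares 32-bit command words, and the dispatcher trusts the size field only after bounding it against its own buffer. The ptrace-like alternative keeps the size and direction inside each command's handler, which is why it cannot reuse the same generic filter.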