Date: Mon, 12 Feb 2001 20:33:49 -0800 From: Peter Wemm <peter@netplex.com.au> To: Matt Dillon <dillon@earth.backplane.com> Cc: Warner Losh <imp@harmony.village.org>, Robert Watson <rwatson@FreeBSD.ORG>, Peter Pentchev <roam@orbitel.bg>, Dag-Erling Smorgrav <des@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/sys/vm vm_zone.c vm_zone.h Message-ID: <200102130433.f1D4XnU58135@mobile.wemm.org> In-Reply-To: <200102121823.f1CINTB07769@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matt Dillon wrote: > :Warner Losh wrote: > :> In message <Pine.NEB.3.96L.1010122142028.19966D-100000@fledge.watson.org> Rob > : ert Watson writes: > :> : appreciated. (this will also make it easier for portable kernel > :> : monitoring tools to be written, and allow graphical monitoring tools to > :> : run with less privilege). > :> > :> And generally make for a happier security officer team :-) > : > :And an unhappier team of people dealing with kernel crashdumps. :-( > : > :All this sysctl stuff is fine, but dont kill the crashdump reading code! > :If -M or -N are specified then use the old way (and require root to be > :running it). Without -M or -N, use sysctl. > : > :Cheers, > :-Peter > > You don't need root to use -M and -N, you only need to be able to > access the dump files. Sorry for not being specific about it. I didn't mean to check for uid == root, I meant just rely on the user's existing privs to read the files. But one had better hope that the dump files are only root accessible - imagine all the priviliged info that could be in there... (master.passwd, spwd.db, ssh-agent in-memory decoded private keys, etc) Cheers, -Peter -- Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102130433.f1D4XnU58135>