Date: Thu, 18 Jun 2020 17:27:21 +0000 From: Teran McKinney <sega01@go-beyond.org> To: freebsd-hackers@freebsd.org Subject: An option to ignore sysctl CTLFLAG_ANYBODY Message-ID: <20200618172721.GA28529@daemon>
next in thread | raw e-mail | index | archive | help
Dear freebsd-hackers, I apologize if I am using the wrong list for this. I am wondering what the best way is to remove CTLFLAG_ANYBODY behavior on my systems. For my purposes, it's not desirable for any user to be able to adjust certain sysctls. I'd prefer root to be the only one able to adjust sysctl. I've made some attempts at a patch, but so far have managed to block users from doing almost anything in sysctl (sysctl -a will list keys, but sysctl hw.ncpu will say the oid was not found or something like that), or by mistake allow users to set any sysctl under the sun. I generally don't know what I'm doing as it's my first time hacking on the FreeBSD kernel, or any kernel in general for that matter. I was hoping that someone with more experience than myself would take pity or have some kind of zealous hatred to CTRLFLAG_ANYBODY as I do, and join me on my mission to relegate sysctl soley to the God powers of the mighty Root. Perhaps this could be a simple one off patch I apply, a compile time configuration, or a sysctl itself that controls the fate of CTLFLAG_ANYBODY. I'm not sure if that would be sacreligious or not. Thank you for your time. Hopefully as well for your thoughtful advice. Sincerely, Teran
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200618172721.GA28529>