From: Teran McKinney
To: freebsd-hackers@freebsd.org
Date: Thu, 18 Jun 2020 17:27:21 +0000
Subject: An option to ignore sysctl CTLFLAG_ANYBODY
Message-ID: <20200618172721.GA28529@daemon>

Dear freebsd-hackers,

I apologize if I am using the wrong list for this.

I am wondering what the best way is to remove CTLFLAG_ANYBODY behavior on my systems. For my purposes, it's not desirable for any user to be able to adjust certain sysctls. I'd prefer root to be the only one able to adjust sysctl.

I've made some attempts at a patch, but so far have managed to block users from doing almost anything in sysctl (sysctl -a will list keys, but sysctl hw.ncpu will say the oid was not found or something like that), or by mistake allow users to set any sysctl under the sun.

I generally don't know what I'm doing as it's my first time hacking on the FreeBSD kernel, or any kernel in general for that matter. I was hoping that someone with more experience than myself would take pity or have some kind of zealous hatred to CTLFLAG_ANYBODY as I do, and join me on my mission to relegate sysctl solely to the God powers of the mighty Root.

Perhaps this could be a simple one-off patch I apply, a compile-time configuration, or a sysctl itself that controls the fate of CTLFLAG_ANYBODY. I'm not sure if that would be sacrilegious or not.

Thank you for your time. Hopefully as well for your thoughtful advice.

Sincerely,
Teran