From owner-freebsd-audit  Fri Feb  2  9:14:48 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.189])
	by hub.freebsd.org (Postfix) with SMTP id CA95437B4EC
	for <freebsd-audit@freebsd.org>; Fri,  2 Feb 2001 09:14:11 -0800 (PST)
Received: (qmail 16956 invoked by uid 1000); 2 Feb 2001 17:12:01 -0000
Date: Fri, 2 Feb 2001 19:12:01 +0200
From: Peter Pentchev <roam@orbitel.bg>
To: Robert Watson <rwatson@freebsd.org>
Cc: Thomas Moestl <tmoestl@gmx.net>, freebsd-audit@freebsd.org
Subject: Re: patch to remove setgid kmem from top
Message-ID: <20010202191201.X328@ringworld.oblivion.bg>
Mail-Followup-To: Robert Watson <rwatson@freebsd.org>,
	Thomas Moestl <tmoestl@gmx.net>, freebsd-audit@freebsd.org
References: <20010202015844.A1246@crow.dom2ip.de> <Pine.NEB.3.96L.1010202120001.30423B-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.NEB.3.96L.1010202120001.30423B-100000@fledge.watson.org>; from rwatson@freebsd.org on Fri, Feb 02, 2001 at 12:04:44PM -0500
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Feb 02, 2001 at 12:04:44PM -0500, Robert Watson wrote:
> 
> This is great -- I won't have a chance to look in detail at your patches
> for a bit, but it seems that this is a great step forwards.  I don't
> suppose you want to now turn your interest to netstat, vmstat, iostat,
> dmesg, nfsstat, pstat, and systat? :-)  Much of the information needed in
> many of these is already exported -- in my mind systat is the most
> important as it links against ncurses and provides an interactive
> interface.  Also, systat is least likely to suffer from the "but it won't
> work on a kernel dump" syndrome as it is generally not used for a post
> mortem.

Actually, working on a kernel dump has absolutely nothing to do with
suid/sgid-ness, IMHO..  I might be terribly wrong here, but doesn't
sgidness come because the utilities must examine the core kernel memory -
which is all in the dump file?  If working on a dump, do *stat really
need access to the memory/symbols of the *running* kernel?

G'luck,
Peter

-- 
This sentence would be seven words long if it were six words shorter.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message