From owner-freebsd-hackers@FreeBSD.ORG Wed Mar 30 18:42:30 2005 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 05EC516A4CE for ; Wed, 30 Mar 2005 18:42:30 +0000 (GMT) Received: from mail14.syd.optusnet.com.au (mail14.syd.optusnet.com.au [211.29.132.195]) by mx1.FreeBSD.org (Postfix) with ESMTP id 28FAD43D41 for ; Wed, 30 Mar 2005 18:42:29 +0000 (GMT) (envelope-from PeterJeremy@optushome.com.au) Received: from cirb503493.alcatel.com.au (c211-30-75-229.belrs2.nsw.optusnet.com.au [211.30.75.229]) j2UIgPwT018482 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 31 Mar 2005 04:42:27 +1000 Received: from cirb503493.alcatel.com.au (localhost.alcatel.com.au [127.0.0.1])j2UIgP7l075029; Thu, 31 Mar 2005 04:42:25 +1000 (EST) (envelope-from pjeremy@cirb503493.alcatel.com.au) Received: (from pjeremy@localhost)j2UIgP5f075028; Thu, 31 Mar 2005 04:42:25 +1000 (EST) (envelope-from pjeremy) Date: Thu, 31 Mar 2005 04:42:25 +1000 From: Peter Jeremy To: "H. S." Message-ID: <20050330184224.GC71384@cirb503493.alcatel.com.au> References: <61910.81.84.174.37.1112123946.squirrel@mail.revolutionsp.com> <20050329213528.59dab2e2.flynn@energyhq.es.eu.org> <62208.81.84.174.37.1112130745.squirrel@mail.revolutionsp.com> <20050329193558.L33759@eleanor.us1.wmi.uvac.net> <63511.81.84.174.37.1112202327.squirrel@mail.revolutionsp.com> <63519.81.84.174.37.1112202413.squirrel@mail.revolutionsp.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <63519.81.84.174.37.1112202413.squirrel@mail.revolutionsp.com> User-Agent: Mutt/1.4.2i cc: freebsd-hackers@freebsd.org Subject: Re: A few thoughts.. X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Mar 2005 18:42:30 -0000 On Wed, 2005-Mar-30 11:06:53 -0600, H. S. wrote: >As I stated previously, I'm not much of a C programmer, but I can do some >coding. I've been thinking into changing the core of the system a bit to >return errors if some information is accessed by a normal user. Wouldn't making /sbin and /usr/sbin mode 750 be enough? > I'd like >to know if getuid() would work that deep in the system? In general, system calls can't be used within the kernel. The uid and gid could be determined by directly dereferencing curproc or the thread pointer passed around in most kernel internal calls. Note that the only checks the (non-MAC) kernel currently does is "root" or "not-root" using suser(9) (apart from the checks in kill(2)). Restrictions for non-root users are implemented using file permissions. > And how can I register sysctl mibs in the kernel ? Look at sysctl(3), /sys/sys/sysctl.h and (eg) /sys/kern/subr_msgbuf.c -- Peter Jeremy