Date:      Sat, 24 Feb 2001 14:52:16 -0500 (EST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        freebsd-hackers@FreeBSD.org
Subject:   patches to remove setgid kmem from systat (fwd)
Message-ID:  <Pine.NEB.3.96L.1010224143234.85229B-100000@fledge.watson.org>


I'm preparing to commit these changes in the next few days; when
committing the last set of changes to top, there were some comments about
sysctl namespace allocation, and so I'm looking for a bit more code review
this time around since I'm not sure it got all the coverage it needed
(other than security checks) on freebsd-audit.  My current plan is to
commit this on Wednesday. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

---------- Forwarded message ----------
Date: Wed, 7 Feb 2001 01:25:20 +0100
From: Thomas Moestl <tmoestl@gmx.net>
To: freebsd-audit@freebsd.org
Subject: patches to remove setgid kmem from systat

Hi,

here is a second set of patches (partly dependent on those previously
posted for top), this time to remove setgid kmem from systat.

Most data needed for systat -vmstat was already exported; I needed
to add three sysctls, hw.nintr, hw.intrnames and hw.intrcnt. Those
export the number of interrupts, a list of zero-terminated interrupt
names and a list of interrupt counters. I did not split the lists
into various sysctls because I wanted to keep the old structures
in the kernel (other programs might still use it), and doing it
with the existing structures would be kind of a hassle. I think
that is OK, though.
For this, I had to add an include file for i386 and change one
for alpha and ia64; I do not expect problems, but it would be good
if someone could do a test-compile on one of these archs.

systat -netstat uses only information that is currently exported via 
sysctl. For a large number of sockets, the new code might be slow, so 
the kvm code is still used if we have the privileges to access the 
relevant devices. For normal use, I think it is OK to remove setgid.

The new patches are at:
- for systat: http://www.tu-bs.de/~y0015675/systat.diff
- for the kernel: http://www.tu-bs.de/~y0015675/sysctl2.diff

The top changes are at:
- for top: http://www.tu-bs.de/~y0015675/top.diff
- for libkvm: http://www.tu-bs.de/~y0015675/libkvm.diff
- for the kernel: http://www.tu-bs.de/~y0015675/sysctl.diff
(those have been updated since my last post to remove some compile-time
warnings, most of which weren't my fault ;-)

Could these patches please be reviewed and committed if OK?

	- thomas


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
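
Added example, not part of the original message or of the posted patches: one way an unprivileged reader could pair the zero-terminated name list (hw.intrnames) with the counter list (hw.intrcnt) described above, rejecting buffers that do not agree. The function and struct names, the counter type (unsigned long) and the sample data are assumptions; on FreeBSD the two buffers would be fetched with sysctlbyname(3).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct intr_entry {
    const char   *name;   /* points into the caller's names buffer */
    unsigned long count;  /* assumed type; the message does not state it */
};

/*
 * Pair NUL-terminated names with counters. Returns the number of entries
 * written, or -1 when the buffers disagree: fewer names than counters, or a
 * final name with no terminating NUL inside names_len.
 */
int
pair_intr(const char *names, size_t names_len, const unsigned long *counts,
    size_t ncounts, struct intr_entry *out, size_t out_max)
{
    size_t off = 0, i;

    for (i = 0; i < ncounts && i < out_max; i++) {
        const char *nul;

        if (off >= names_len)
            return (-1);        /* ran out of names */
        nul = memchr(names + off, '\0', names_len - off);
        if (nul == NULL)
            return (-1);        /* unterminated: do not read past the end */
        out[i].name = names + off;
        out[i].count = counts[i];
        off = (size_t)(nul - names) + 1;
    }
    return ((int)i);
}

/* Constructed sample data standing in for the two sysctl results. */
static const char sample_names[] = "clk\0rtc\0fdc0";
static const unsigned long sample_counts[] = { 1200, 64, 3 };

int
main(void)
{
    struct intr_entry e[8];
    int n = pair_intr(sample_names, sizeof(sample_names), sample_counts, 3, e, 8);

    for (int i = 0; i < n; i++)
        printf("%-8s %lu\n", e[i].name, e[i].count);
    return (n == 3 ? 0 : 1);
}
```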