From owner-freebsd-hackers Sat Feb 24 11:52:21 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id E664B37B491 for ; Sat, 24 Feb 2001 11:52:17 -0800 (PST) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.1/8.11.1) with SMTP id f1OJqGh86168 for ; Sat, 24 Feb 2001 14:52:16 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Sat, 24 Feb 2001 14:52:16 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: freebsd-hackers@FreeBSD.org Subject: patches to remove setgid kmem from systat (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I'm preparing to commit these changes in the next few days; when committing the last set of changes to top, there were some comments about sysctl namespace allocation, and so I'm looking for a bit more code review this time around since I'm not sure it got all the coverage it needed (other than security checks) on freebsd-audit. My current plan is to commit this on Wednesday. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services ---------- Forwarded message ---------- Date: Wed, 7 Feb 2001 01:25:20 +0100 From: Thomas Moestl To: freebsd-audit@freebsd.org Subject: patches to remove setgid kmem from systat Hi, here is a second set of patches (partly dependent on those previously posted for top), this time to remove setgid kmem from systat. Most data needed for systat -vmstat was already exported; I needed to add three sysctls, hw.nintr, hw.intrnames and hw.intrcnt. Those export the number of interrups, a list of zero-terminated interrupt names and a list if interrupt counters. I did not split the lists into various sysctls because I wanted to keep the old structures in the kernel (other programs might still use it), and doing it with the existing structures would be kind of a hassle. I think that is OK, though. For this, I had to add an include file for i386 and change one for alpha and ia64; I do not expect problems, but it would be good if someone could do a test-compile on one of these archs. systat -netstat uses only information that is currently exported via sysctl. For a large number of sockets, the new code might be slow, so the kvm code is still used if we have the privileges to access the relevant devices. For normal use, I think it is OK to remove setgid. The new patches are at: - for systat: http://www.tu-bs.de/~y0015675/systat.diff - for the kernel: http://www.tu-bs.de/~y0015675/sysctl2.diff The top changes are at: - for top: http://www.tu-bs.de/~y0015675/top.diff - for libkvm: http://www.tu-bs.de/~y0015675/libkvm.diff - for the kernel: http://www.tu-bs.de/~y0015675/sysctl.diff (those have been updated since my last post to remove some compile-time warnings, most of which weren't my fault ;-) Could these patches please reviewed and committed if OK? - thomas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message