Date: Sat, 20 Jun 2020 20:48:10 +0200
From: Alfonso Siciliano <alfix86@gmail.com>
To: freebsd-hackers@freebsd.org
Subject: Re: An option to ignore sysctl CTLFLAG_ANYBODY
Message-ID: <20200620204810.89d433d1905cfb03dae1db74@gmail.com>
In-Reply-To: <20200618172721.GA28529@daemon>
References: <20200618172721.GA28529@daemon>

On Thu, 18 Jun 2020 17:27:21 +0000
Teran McKinney <sega01@go-beyond.org> wrote:

> Dear freebsd-hackers,
>
> I apologize if I am using the wrong list for this.
>
> I am wondering what the best way is to remove CTLFLAG_ANYBODY
> behavior on my systems. For my purposes, it's not desirable for any
> user to be able to adjust certain sysctls. I'd prefer root to be
> the only one able to adjust sysctl.

Hi Teran,

I had a look at kern_sysctl.c, you could recompile the kernel changing:
https://github.com/freebsd/freebsd/blob/master/sys/kern/kern_sysctl.c#L2122

from

	/* Is this sysctl writable by only privileged users? */
	if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {

to

	/* Is this sysctl writable? */
	if (req->newptr) {

so, sysctl(3) has to call/check priv_check() every time you pass a new value.

> I generally don't know what I'm doing as it's my first time hacking
> on the FreeBSD kernel, or any kernel in general for that matter.

Another (silly :D) solution is a kernel module (nice for training):
it could explore the MIB to set CTLFLAG_ANYBODY to 0 for each object.

Happy Hacking,
Alfonso

---
Alfonso S. Siciliano
http://alfix.gitlab.io
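
The two approaches suggested in the reply above, as an added user-space model (not part of the original message and not FreeBSD kernel code): the write-permission decision with and without the CTLFLAG_ANYBODY exemption, and a tree walk that clears the flag on every node. The struct, the model_* names and the sample tree are constructed for illustration, and the flag values are assumed to match FreeBSD's sys/sysctl.h.

```c
/* Added example: user-space model, not FreeBSD code; flag values assumed from sys/sysctl.h. */
#include <errno.h>
#include <stdio.h>
#define CTLFLAG_WR      0x40000000u
#define CTLFLAG_ANYBODY 0x10000000u

struct oid {                    /* hypothetical stand-in for struct sysctl_oid */
    unsigned kind;
    struct oid *child, *next;   /* first child, next sibling */
};

/* Stand-in for priv_check(): only uid 0 holds the sysctl write privilege. */
static int model_priv_check(int uid) { return uid == 0 ? 0 : EPERM; }

/* Write-permission decision. patched=0 keeps the CTLFLAG_ANYBODY exemption;
 * patched=1 is the variant from the reply (privilege check on every write). */
int model_write_allowed(const struct oid *o, int uid, int is_write, int patched)
{
    if (!is_write)
        return 0;                       /* the check applies to new values only */
    if (!(o->kind & CTLFLAG_WR))
        return EPERM;                   /* node is not writable at all */
    if (patched || !(o->kind & CTLFLAG_ANYBODY))
        return model_priv_check(uid);
    return 0;                           /* ANYBODY: no privilege required */
}

/* The module idea: walk the tree, clear CTLFLAG_ANYBODY, count cleared nodes. */
int model_clear_anybody(struct oid *o)
{
    int n = 0;
    for (; o != NULL; o = o->next) {
        if (o->kind & CTLFLAG_ANYBODY) { o->kind &= ~CTLFLAG_ANYBODY; n++; }
        n += model_clear_anybody(o->child);
    }
    return n;
}

/* Constructed sample tree: root -> { a (ANYBODY), b -> { c (ANYBODY) } } */
struct oid model_c = { CTLFLAG_WR | CTLFLAG_ANYBODY, NULL, NULL };
struct oid model_b = { CTLFLAG_WR, &model_c, NULL };
struct oid model_a = { CTLFLAG_WR | CTLFLAG_ANYBODY, NULL, &model_b };
struct oid model_root = { 0, &model_a, NULL };

int main(void)
{
    printf("cleared %d ANYBODY flags\n", model_clear_anybody(&model_root));
    return 0;
}
```

In this model both approaches give the same result for an unprivileged writer: EPERM on nodes that previously accepted the write, while reads and root writes are unchanged.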