From owner-freebsd-hackers@freebsd.org Sat Jun 20 19:38:19 2020 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5F459332B9D for ; Sat, 20 Jun 2020 19:38:19 +0000 (UTC) (envelope-from sega01@go-beyond.org) Received: from haggis.mythic-beasts.com (haggis.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49q5Z24FtWz4g8L for ; Sat, 20 Jun 2020 19:38:18 +0000 (UTC) (envelope-from sega01@go-beyond.org) Received: from [160.3.200.8] (port=57183 helo=localhost) by haggis.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1jmjJf-0004QY-QA; Sat, 20 Jun 2020 20:38:16 +0100 Date: Sat, 20 Jun 2020 19:38:12 +0000 From: Teran McKinney To: Alfonso Siciliano Cc: freebsd-hackers@freebsd.org Subject: Re: An option to ignore sysctl CTLFLAG_ANYBODY Message-ID: <20200620193812.GB52749@daemon> References: <20200618172721.GA28529@daemon> <20200620204810.89d433d1905cfb03dae1db74@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200620204810.89d433d1905cfb03dae1db74@gmail.com> X-BlackCat-Spam-Score: 4 X-Spam-Status: No, score=0.4 X-Rspamd-Queue-Id: 49q5Z24FtWz4g8L X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of sega01@go-beyond.org designates 2a00:1098:0:86:1000:0:2:1 as permitted sender) smtp.mailfrom=sega01@go-beyond.org X-Spamd-Result: default: False [-2.77 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.91)[-0.906]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1098::86:1000:0:2:1]; NEURAL_HAM_LONG(-1.05)[-1.053]; MIME_GOOD(-0.10)[text/plain]; MID_RHS_NOT_FQDN(0.50)[]; DMARC_NA(0.00)[go-beyond.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_HAM_SHORT(-0.91)[-0.915]; RCPT_COUNT_TWO(0.00)[2]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:44684, ipnet:2a00:1098::/32, country:GB]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[2a00:1098:0:86:1000:0:2:1:from] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Jun 2020 19:38:19 -0000 On 2020-06-20 20-48-10 , Alfonso Siciliano wrote: > Hi Teran, > > I had a look at kern_sysctl.c, you could recompile the kernel changing: > https://github.com/freebsd/freebsd/blob/master/sys/kern/kern_sysctl.c#L2122 > > from > /* Is this sysctl writable by only privileged users? */ > if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) { > to > /* Is this sysctl writable? */ > if (req->newptr) { > > so, sysctl(3) has to call/check priv_check() every time you pass a new value. > > > I generally don't know what I'm doing as it's my first time hacking > > on the FreeBSD kernel, or any kernel in general for that matter. > > Another (silly :D) solution is a kernel module (nice for training): > it could explore the MIB to set CTLFLAG_ANYBODY to 0 for each object. > > > Happy Hacking, > > Alfonso Hi Alfonso, I appreciate your reply! I have tried that and it does work. The problem is that even a simple read call like `sysctl hw.ncpu` will return an error for non-root users. Which, while not essential, would be nice to keep. My current workaround, which behaves exactly the same way, is setting CTLFLAG_ANYBODY to 0. That function always returns true in that case. Interesting idea about the kernel module. Sincerely, Teran