Date: Sat, 20 Jun 2020 19:38:12 +0000
From: Teran McKinney <sega01@go-beyond.org>
To: Alfonso Siciliano <alfix86@gmail.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: An option to ignore sysctl CTLFLAG_ANYBODY
Message-ID: <20200620193812.GB52749@daemon>
In-Reply-To: <20200620204810.89d433d1905cfb03dae1db74@gmail.com>
References: <20200618172721.GA28529@daemon> <20200620204810.89d433d1905cfb03dae1db74@gmail.com>

On 2020-06-20 20-48-10, Alfonso Siciliano wrote:
> Hi Teran,
>
> I had a look at kern_sysctl.c, you could recompile the kernel changing:
> https://github.com/freebsd/freebsd/blob/master/sys/kern/kern_sysctl.c#L2122
>
> from
>     /* Is this sysctl writable by only privileged users? */
>     if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
> to
>     /* Is this sysctl writable? */
>     if (req->newptr) {
>
> so, sysctl(3) has to call/check priv_check() every time you pass a new value.
>
> > I generally don't know what I'm doing as it's my first time hacking
> > on the FreeBSD kernel, or any kernel in general for that matter.
>
> Another (silly :D) solution is a kernel module (nice for training):
> it could explore the MIB to set CTLFLAG_ANYBODY to 0 for each object.
>
>
> Happy Hacking,
>
> Alfonso

Hi Alfonso,

I appreciate your reply!

I have tried that and it does work. The problem is that even a simple
read call like `sysctl hw.ncpu` will return an error for non-root
users. Which, while not essential, would be nice to keep.

My current workaround, which behaves exactly the same way, is setting
CTLFLAG_ANYBODY to 0. That function always returns true in that case.

Interesting idea about the kernel module.

Sincerely,
Teran