From owner-svn-src-head@freebsd.org Mon Jun 4 16:16:18 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8FAC9FF247B for ; Mon, 4 Jun 2018 16:16:18 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: from mail-io0-x243.google.com (mail-io0-x243.google.com [IPv6:2607:f8b0:4001:c06::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0466470463 for ; Mon, 4 Jun 2018 16:16:18 +0000 (UTC) (envelope-from wlosh@bsdimp.com) Received: by mail-io0-x243.google.com with SMTP id d185-v6so10742185ioe.0 for ; Mon, 04 Jun 2018 09:16:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsdimp-com.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=00x3KuTUqxHFI/Ym8/PsiiNnKPDzpFDFonWI4EIaNnI=; b=buw7xdydwl7v7T8mbYv2ztBUO0yL3Udn26jFTTnPRUCJ2Pc/gOzvqm2bjvjZQ7yj3T Qs7PDtq42fksOIB6biMKZEmnPgF6nXEjIX1r978jiyuTdfWuiE9D2rXlPJtqtyUKely4 rdLgxMhvAo76j8jbodwzhiosDxLN0gdkhn6T3LAwq6q5t900+I17ahdaxA7A8WfWrA9f KQfKW+4u4u+oaQoWIfLkYF3MfWUGj7BqXpG7hmsb7qOrZk7Tg2xNrq3+EDqhw4RVxMuh 6uayw6Nbnrlyb6UkI+1K1gr2Kb/4F/1+Ym0cGwVIDjmM3mkIWU9dN9kEjqPTfTOVjn8x 9wRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=00x3KuTUqxHFI/Ym8/PsiiNnKPDzpFDFonWI4EIaNnI=; b=t4D73U59Q4J4tzgY/UvDuwcYm3N9Y8W3cMUlA6PRIbCS5g3LiXjx4Obp8sgIkYQEae GUiOnhZ++7LiksGSogsyj/I9gF1iRtFiy/POVUdvjSjQXtcfJQd5n2zfNWf7D2uWnGtM v82PpSXyyzKBMWU+isB89DGmXqnY/j6RWJQxHEF1Cav2Uv2Mu8fVelWfI1/lNsgthjLz fPtpbEJ0h3A9x+QEGbggcZsEuEYBcitysVpSPuzHd1qY8a9ToukkLsAQLs+Ss8DJP8Nk 09X0Iks1VmTt4oPEzPnbNSffByhX8pnAjkUeiz1ouLg5zk3zzfYCTzPqY8l70ddTUdHH +KwQ== X-Gm-Message-State: ALKqPwdm+sQ72z+s2MeDgrEyId9Q6CZraM+fqg1hjDXFsG2uJyE6d2vN JAM1rNDcF8bk+/UF1nWxt6qzK7RqeXqGElNFGDzUnw== X-Google-Smtp-Source: ADUXVKKH830U7ELNcLae9/aD/hj+SfNu6S98fS9l+5UsTOy3OVkSMmyTScdnV76ctgIQOaaoEtmZdYHtt6GBz78useE= X-Received: by 2002:a6b:284b:: with SMTP id o72-v6mr21742691ioo.168.1528128977331; Mon, 04 Jun 2018 09:16:17 -0700 (PDT) MIME-Version: 1.0 Sender: wlosh@bsdimp.com Received: by 2002:a4f:d028:0:0:0:0:0 with HTTP; Mon, 4 Jun 2018 09:16:16 -0700 (PDT) X-Originating-IP: [2603:300b:6:5100:1052:acc7:f9de:2b6d] In-Reply-To: <201806041513.w54FDMZn096288@pdx.rh.CN85.dnsmgr.net> References: <201806041513.w54FDMZn096288@pdx.rh.CN85.dnsmgr.net> From: Warner Losh Date: Mon, 4 Jun 2018 10:16:16 -0600 X-Google-Sender-Auth: S_NxI-uWIvE8qRQC8LewrqAULRQ Message-ID: Subject: Re: svn commit: r334543 - head/usr.bin/top To: "Rodney W. Grimes" Cc: Don Lewis , Eitan Adler , src-committers , svn-src-all@freebsd.org, svn-src-head@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Jun 2018 16:16:18 -0000 On Mon, Jun 4, 2018 at 9:13 AM, Rodney W. Grimes < freebsd@pdx.rh.cn85.dnsmgr.net> wrote: > > On 2 Jun, Rodney W. Grimes wrote: > > >> Author: eadler > > >> Date: Sat Jun 2 22:06:27 2018 > > >> New Revision: 334543 > > >> URL: https://svnweb.freebsd.org/changeset/base/334543 > > >> > > >> Log: > > >> top(1): chdir to / as init; remove unneeded comment > > >> > > >> - chdir to / to allow unmounting of wd > > >> - remove warning about running top(1) as setuid. If this is a > concern we > > >> should just drop privs instead. > > >> > > >> Modified: > > >> head/usr.bin/top/machine.c > > >> head/usr.bin/top/top.c > > >> > > >> Modified: head/usr.bin/top/machine.c > > >> ============================================================ > ================== > > >> --- head/usr.bin/top/machine.c Sat Jun 2 21:50:00 2018 > (r334542) > > >> +++ head/usr.bin/top/machine.c Sat Jun 2 22:06:27 2018 > (r334543) > > >> @@ -1613,11 +1613,6 @@ compare_ivcsw(const void *arg1, const void > *arg2) > > >> /* > > >> * proc_owner(pid) - returns the uid that owns process "pid", or -1 > if > > >> * the process does not exist. > > >> - * It is EXTREMELY IMPORTANT that this function work > correctly. > > >> - * If top runs setuid root (as in SVR4), then this > function > > >> - * is the only thing that stands in the way of a > serious > > >> - * security problem. It validates requests for the > "kill" > > >> - * and "renice" commands. > > >> */ > > >> > > >> int > > >> > > >> Modified: head/usr.bin/top/top.c > > >> ============================================================ > ================== > > >> --- head/usr.bin/top/top.c Sat Jun 2 21:50:00 2018 (r334542) > > >> +++ head/usr.bin/top/top.c Sat Jun 2 22:06:27 2018 (r334543) > > >> @@ -260,6 +260,15 @@ main(int argc, char *argv[]) > > >> #define CMD_order 26 > > >> #define CMD_pid 27 > > >> > > >> + /* > > >> + * Since top(1) is often long running and > > >> + * doesn't typically care about where its running from > > >> + * chdir to the root to allow unmounting of its > > >> + * originall wd. Failure is alright as this is > > >> + * just a courtesy for users. > > >> + */ > > >> + chdir("/"); > > >> + > > > > > > Bad side effect of doing that is it is not hard to get a "core" > > > from top when run as a user, as it is going to try to write > > > to /, and it probably does not have permission for that. > > > > > > Better might be a cd to /tmp, or /var/tmp, which are usually > > > hard to unmount for these reasons anyway. > > > > Unless you start top using the exec shell builtin, the shell that you > > use to launch top will also be long running and will also prevent its > > $cwd from being unmounted. > > Thats a good point, so that makes the chdir worthless. Turns out it wasn't completely useless, but the usefulness ended before FreeBSD 1.0 was released. > > If you do use exec, then you will get logged out when you kill top ... > > :-(. > > The long standing (30 years) solution is to use lsof and find > the processes that have cwd's in what ever it is you want to > unmount. > 30 years is a bit too long. lsof didn't exist until 1991. :) The issues that prompted top to cd to / didn't get fixed until SysVr4 / early BSD kernels in the early 90s, and didn't make it into some vendor code until the mid 90's. > Special casing top(1) is just a none solution to the > can not unmount foo problem. > True. It used to be critically important to do. Now, it's irrelevant. I posted a longer version why after doing some research. Basically, through the early System V releases, rebooting was weird and long running processes had to take actions to ensure they didn't accidentally hold references to non / filesystems. That did get fixed by the late 80's / early 90's, so it's pointless these days. I'd misremembered the details over the weekend, so forget I said it was a good change :) Warner