Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 23 May 2001 09:31:00 +0300
From:      Peter Pentchev <roam@orbitel.bg>
To:        Dima Dorfman <dima@unixfreak.org>
Cc:        Thomas Moestl <tmm@unixfreak.org>, audit@freebsd.org
Subject:   Re: Patch to remove setgid bit from ipcs(1)
Message-ID:  <20010523093100.B12889@ringworld.oblivion.bg>
In-Reply-To: <20010523032924.3878C3E7D@bazooka.unixfreak.org>; from dima@unixfreak.org on Tue, May 22, 2001 at 08:29:24PM -0700
References:  <20010523011938.A8824@crow.dom2ip.de> <20010523032924.3878C3E7D@bazooka.unixfreak.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 22, 2001 at 08:29:24PM -0700, Dima Dorfman wrote:
> > 
> > > Index: sys/kern/sysv_sem.c
> > > ===================================================================
> > > RCS file: /stl/src/FreeBSD/src/sys/kern/sysv_sem.c,v
> > > retrieving revision 1.32
> > > diff -u -r1.32 sysv_sem.c
> > > --- sys/kern/sysv_sem.c	2001/02/21 06:39:54	1.32
> > > +++ sys/kern/sysv_sem.c	2001/05/20 22:54:55
> > > @@ -28,6 +28,7 @@
> > >  static int sysvsem_modload __P((struct module *, int, void *));
> > >  static int semunload __P((void));
> > >  static void semexit_myhook __P((struct proc *p));
> > > +static int sysctl_sema __P((SYSCTL_HANDLER_ARGS));
> > >  
> > >  #ifndef _SYS_SYSPROTO_H_
> > >  struct __semctl_args;
> > > @@ -148,6 +149,9 @@
> > >  SYSCTL_INT(_kern_ipc, OID_AUTO, semusz, CTLFLAG_RD, &seminfo.semusz, 0, ""
> > );
> > >  SYSCTL_INT(_kern_ipc, OID_AUTO, semvmx, CTLFLAG_RW, &seminfo.semvmx, 0, ""
> > );
> > >  SYSCTL_INT(_kern_ipc, OID_AUTO, semaem, CTLFLAG_RW, &seminfo.semaem, 0, ""
> > );
> > > +SYSCTL_STRUCT(_kern_ipc, OID_AUTO, seminfo, CTLFLAG_RD, &seminfo, seminfo,
> >  "");
> > 
> > Hmm, it seems to me that we export all members of this structure, so
> > why export it again as a whole? While it might be better to pack things
> > into a structure (which may however introduce problems when the
> > structure changes), I'm not sure whether should really export this
> > more than once just because of that.
> > This also seems to apply to shared memory part.
> 
> It's a compromise between exorting the entire structure or
> complicating the userland part to do sysctl on all the different
> fields and construct the structure itself.  This was the simpler
> approach, which is why I chose it.  Do you think it's worth
> complicating the kget() routine instead?

Wouldn't exporting the whole structure lead to one more of those
userland dependencies on the kernel?  Not that I expect the shm
kernel structs to change way too often, but still, exporting
a whole structure does require that the userland program know
the exact structure layout.

Have you looked at another way - an opaque sysctl with contents
generated on-the-fly by a reader function?  This sysctl would
contain all the userland-needed data, and only that data, and
its format would not change when the kernel structure layout
is changed.  It could even have some kind of version/size tag
at the start - or maybe that would be overkill..

Just random thoughts.. :)

G'luck,
Peter

-- 
because I didn't think of a good beginning of it.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010523093100.B12889>