Date: Fri, 02 May 2014 12:02:39 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Matthew Seaman <matthew@FreeBSD.org> Cc: Corey Smith <corsmith@gmail.com>, freebsd-security@freebsd.org, d@delphij.net Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:07.devfs Message-ID: <86tx98ijls.fsf@nine.des.no> In-Reply-To: <53614D16.9060206@FreeBSD.org> (Matthew Seaman's message of "Wed, 30 Apr 2014 20:20:54 %2B0100") References: <CAHQQXOM_OBzsiLLxtUTFY1KQNAftz-GRQv3tV6zD3iENt9%2Bjcg@mail.gmail.com> <536147DE.5030703@delphij.net> <53614D16.9060206@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Seaman <matthew@FreeBSD.org> writes: > You can start snmpd with the '-r' flag which means it will at least run > without needing access to /dev/mem or anything else privileged, but at > the cost of reduced functionality. For instance the 'proc foo' test to > check on the presence of a foo process doesn't work. Quite why that > should need rootly privilege I do not know: it's effectively the same as > grepping the output of 'ps -acx'. It probably uses libkvm instead of the newer libprocstat, which does not require access to /dev/mem. The only reason you'd ever want to use libkvm is if you want to be able to operate on kernel dumps. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86tx98ijls.fsf>