Date: Wed, 27 Jun 2001 18:29:15 -0700 From: Dima Dorfman <dima@unixfreak.org> To: hackers@FreeBSD.org, ru@FreeBSD.org Subject: Re: ifmcstat(8) setgidness Message-ID: <20010628012915.D2E1A3E2F@bazooka.unixfreak.org> In-Reply-To: <20010627120513.B14399@sunbay.com>; from ru@FreeBSD.org on "Wed, 27 Jun 2001 12:05:13 %2B0300"
next in thread | previous in thread | raw e-mail | index | archive | help
Ruslan Ermilov <ru@FreeBSD.org> writes: > On Wed, Jun 27, 2001 at 01:29:28AM -0700, Dima Dorfman wrote: > > Ruslan Ermilov <ru@FreeBSD.ORG> writes: > > > On Tue, Jun 26, 2001 at 03:04:07PM -0700, Dima Dorfman wrote: > > > > Hi folks, > > > > > > > > Is there a particular reason, other than the desire for more setgid > > > > programs, that ifmcstat(8) is setgid kmem? It seems that there's no > > > > reason anyone but root would want to use it, anyway. OpenBSD and > > > > NetBSD already nuked its setgid bit; any reason why we shouldn't > > > > follow suit? > > > > > > > $ ifmcstat > > > kvm_openfiles: Permission denied > > > > I don't follow. Yes, it needs access to kmem to work. However, I > > don't see why anyone other than root would need to run it, so why is > > it setgid? root can access kmem either way. > > > Could you please elaborate on why it should be restricted to root only? Because it looks like it doesn't provide any information that anyone other than the administrator would find useful (if I'm seeing things, please let me know), and the less setgid programs in the system the better our overworked security officer(s) sleep at night :-). > OpenBSD's and NetBSD's commitlogs are too terse. This is quite an understatement! Dima Dorfman dima@unixfreak.org > > > Cheers, > -- > Ruslan Ermilov Oracle Developer/DBA, > ru@sunbay.com Sunbay Software AG, > ru@FreeBSD.org FreeBSD committer, > +380.652.512.251 Simferopol, Ukraine > > http://www.FreeBSD.org The Power To Serve > http://www.oracle.com Enabling The Information Age > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010628012915.D2E1A3E2F>