Date: Mon, 26 Jan 2009 05:28:29 +1100 (EST) From: Bruce Evans <brde@optusnet.com.au> To: Ed Schouten <ed@80386.nl> Cc: svn-src-head@freebsd.org, Tom Rhodes <trhodes@freebsd.org>, svn-src-all@freebsd.org, src-committers@freebsd.org, Bruce Evans <brde@optusnet.com.au> Subject: Re: svn commit: r187607 - head/usr.bin/truss Message-ID: <20090126051910.E2148@besplex.bde.org> In-Reply-To: <20090125175751.GC17198@hoeg.nl> References: <200901230058.n0N0wEjY026935@svn.freebsd.org> <20090125162123.GB17198@hoeg.nl> <20090126041926.J43097@delplex.bde.org> <20090125175751.GC17198@hoeg.nl>
index | next in thread | previous in thread | raw e-mail
On Sun, 25 Jan 2009, Ed Schouten wrote: > * Bruce Evans <brde@optusnet.com.au> wrote: >> I think it is the longstanding kernel bug in permissions checking >> generally, that the init process and some other non-kernel processes >> are bogusly marked as P_SYSTEM. I use the following fix (this may >> be incomplete): >> >> <snip> > > I just looked at the patch and it seems to do the right thing. I can't > seem to find any places in the kernel where it makes sense to let > init(8) use P_SYSTEM (except kern_sig.c ofcourse). I like the cleanups > you made, especially the comparisons with initproc instead of using the > pid. > > Would you mind if I commit your patch to SVN? OK, but please think about the following possible problems: - permissions should be decided in the usual way for init (root should not be restricted except for impossible things), but maybe something (jail?) depends on extra restrictions. - P_SYSTEM has something to do with swapping, and I also removed the PS_INMEM setting for init. I have always used NO_SWAPPING and haven't used a swap partition since memory sizes reached 64MB, so I wouldn't have noticed problems with this. init doesn't run often so it is quite likely to be swapped (if allowed to) if real memory runs out. Brucehome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090126051910.E2148>