Date: Wed, 24 Jan 2007 14:56:29 +0100
From: Max Laier <max@love2party.net>
To: "Andrew N. Below" <defan@zenon.net>
Cc: freebsd-hackers@freebsd.org
Subject: Re: how to deny reading of several sysctls (for a set of uids, f.e.)
Message-ID: <200701241456.39203.max@love2party.net>
In-Reply-To: <web-17517891@mp.zenon.net>
References: <082f01c73ee3$c6b3f810$970da8c0@jam.zenon.net> <200701231410.25946.max@love2party.net> <web-17517891@mp.zenon.net>

On Wednesday 24 January 2007 14:23, you wrote:
> On Tue, 23 Jan 2007 14:10:19 +0100
> Max Laier <max@love2party.net> wrote:
>
> [..]
>
> > td->td_proc->p_ucred has the user credentials.  You probably want to do
> > your checks in userland_sysctl() according to the comment just above.
>
> Thanks, it is really what I need.
>
> Now I have one more question.
> I made the kernel object with one check-function and all
> works fine from userland via syscall().
>
> Is there a documented possibility to use syscalls _inside_
> kernel code?
> In other words, I need to call the function located in
> loadable kernel object from kernel, doesn't matter how
> this would be done (syscall, etc).
>
> My goal is to avoid kernel rebuilding each time after
> function modification.
>
> Is it possible?

You should use a function pointer.  Look for example at "ip_dn_io_ptr" in
netinet.  This is a function pointer that is populated from the dummynet
module and (if non-NULL) called from the kernel (or ip_fw_pfil.c).  Note
that you might need some locking around the pointer access if you want to
be able to load and unload the module at will.  OTOH, sysctl seems to be
protected by Giant anyways.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
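
Added example, not part of the original message and not FreeBSD source: a userland C model of the function-pointer hook described in the reply, including the load/unload synchronisation it warns about. The names sysctl_check_ptr, sysctl_read_allowed, mod_check, mod_load and mod_unload are hypothetical, the uid and sysctl lists are constructed, and C11 atomics with an in-flight counter stand in for whatever kernel lock would really guard the pointer.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stddef.h>
#include <string.h>

/* Hook signature (hypothetical): return 0 to allow, an errno value to deny. */
typedef int (*sysctl_check_t)(unsigned uid, const char *name);

/* Lives in the "kernel"; stays NULL while no module is loaded. */
static _Atomic(sysctl_check_t) sysctl_check_ptr;
static atomic_int sysctl_check_inflight;  /* callers currently inside the hook */

/* "Kernel" side: the test a caller such as userland_sysctl() would make. */
int sysctl_read_allowed(unsigned uid, const char *name)
{
    int error = 0;
    /* Count ourselves in before loading the pointer so unload can wait. */
    atomic_fetch_add(&sysctl_check_inflight, 1);
    sysctl_check_t fn = atomic_load(&sysctl_check_ptr);
    if (fn != NULL)             /* no module loaded means no restriction */
        error = fn(uid, name);
    atomic_fetch_sub(&sysctl_check_inflight, 1);
    return error;
}

/* "Module" side: policy that changes without rebuilding the caller. */
static const unsigned denied_uids[] = { 1001, 1002 };           /* constructed */
static const char *const hidden[] = { "kern.hostname", "kern.boottime" };

static int mod_check(unsigned uid, const char *name)
{
    for (size_t i = 0; i < sizeof(denied_uids) / sizeof(denied_uids[0]); i++) {
        if (denied_uids[i] != uid)
            continue;
        for (size_t j = 0; j < sizeof(hidden) / sizeof(hidden[0]); j++)
            if (strcmp(hidden[j], name) == 0)
                return EPERM;
    }
    return 0;
}

/* Module load: publish the hook. */
void mod_load(void) { atomic_store(&sysctl_check_ptr, mod_check); }

/* Module unload: clear the hook, then wait until nobody is still inside it. */
void mod_unload(void)
{
    atomic_store(&sysctl_check_ptr, NULL);
    while (atomic_load(&sysctl_check_inflight) != 0)
        ;                       /* a kernel would sleep on a lock instead */
}
```

Incrementing the counter before loading the pointer is what makes unload safe: a caller either sees NULL or is counted, so mod_unload() cannot return while mod_check() is still executing.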