From: Robert Watson
Date: Thu, 17 Jul 2003 13:01:11 -0400 (EDT)
To: Josh Brooks
cc: freebsd-hackers@freebsd.org
Subject: Re: running 5.1-RELEASE with no procfs mounted (lockups?)

On Tue, 15 Jul 2003, Josh Brooks wrote:

> I have loaded two 5.1-RELEASE systems, both of them have PROCFS and
> PSEUDOFS in the kernel, and yet neither of them have a procfs mounted.
>
> There is no procfs line in /etc/fstab by default, and no procfs is
> mounted on the system in any way.
>
> Question 1: Is this intentional ? Is it no longer needed/recommended to
> run a procfs ?

Most system functionality that relied on procfs has been rewritten to rely
on other mechanisms. In general, I advise against running procfs--it's
interesting, but conceptually it's very risky.
If you look at the history of security advisories on systems that
supported procfs (FreeBSD, Linux, Solaris), you'll get a sense of why:
procfs represents processes as files, and the semantics of processes and
of files are very different. For example, with processes, there are
notions of revoked access; processes are reused to hold several programs
often running with different credentials.

The behavior I'm aware of that currently relies on procfs and has not yet
been adapted to use ptrace() or sysctl() are:

ps -e     Relies on groping around in the address space of each
          process to display environmental variables.

truss     Relies on the event model of procfs; there have been some
          initial patches and discussion of migrating truss to
          ptrace() but I don't think we have anything very usable yet.

I'd be happy to be corrected on this. :-)

Also, linprocfs, which offers many of the functions of procfs, relies on
pseudofs, and is required to run many Linux emulated programs. Often for
rather bizarre reasons (retrieving command line arguments from the
per-process cmdline file...).

> Question 2: Is this because I am running without procfs ? Or have these
> type of problems been seen in 5.1-RELEASE by other causes ?

This is most likely unrelated.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories
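
Added example, not part of the message above and not FreeBSD project code: one procfs-free way to read a process's command-line arguments, using FreeBSD's KERN_PROC_ARGS sysctl instead of a per-process cmdline file. The function names split_args and fetch_args and the SAMPLE buffer are hypothetical; on systems other than FreeBSD the sysctl path is compiled out and the constructed sample is parsed instead.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/sysctl.h>
#endif

/* Constructed sample in the NUL-separated layout (not captured from a system). */
static const char SAMPLE[] = "sshd\0-D\0\0-f";

/* Split NUL-terminated strings packed in buf[0..len) into argv[], storing at
 * most max pointers. A tail with no terminating NUL is dropped, so a string
 * function is never handed a pointer that could run past the buffer. */
size_t split_args(const char *buf, size_t len, const char **argv, size_t max)
{
    size_t n = 0, off = 0;
    while (off < len && n < max) {
        const char *end = memchr(buf + off, '\0', len - off);
        if (end == NULL)
            break;                      /* unterminated tail: do not trust it */
        argv[n++] = buf + off;
        off = (size_t)(end - buf) + 1;
    }
    return n;
}

/* Fetch the raw argument bytes of pid; returns their length or -1. */
long fetch_args(pid_t pid, char *buf, size_t cap)
{
#ifdef __FreeBSD__
    int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_ARGS, (int)pid };
    size_t len = cap;                   /* in: buffer size, out: bytes written */
    return sysctl(mib, 4, buf, &len, NULL, 0) == -1 ? -1 : (long)len;
#else
    (void)pid; (void)buf; (void)cap;
    return -1;                          /* this sysctl exists only on FreeBSD */
#endif
}

int main(void)
{
    char buf[4096];
    const char *av[64], *src = buf;
    long len = fetch_args(getpid(), buf, sizeof buf);
    if (len < 0) { src = SAMPLE; len = (long)sizeof SAMPLE; }
    size_t n = split_args(src, (size_t)len, av, 64);
    for (size_t i = 0; i < n; i++)
        printf("argv[%zu] = \"%s\"\n", i, av[i]);
    return 0;
}
```

The kernel answers the query against the caller's credentials at the moment of the call, so no file descriptor tied to the target process is left open across a later exec.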