From: Pawel Jakub Dawidek
To: Robert Watson
cc: freebsd-hackers@freebsd.org
Date: Fri, 18 Jul 2003 10:06:59 +0200
Subject: Re: running 5.1-RELEASE with no procfs mounted (lockups?)

On Thu, Jul 17, 2003 at 01:01:11PM -0400, Robert Watson wrote:
+> Most system functionality that relied on procfs has been rewritten to rely
+> on other mechanisms. In general, I advise against running procfs--it's
+> interesting, but conceptually it's very risky. If you look at the history
+> of security advisories on systems that supported procfs (FreeBSD, Linux,
+> Solaris), you'll get a sense of why: procfs represents processes as files,
+> and the semantics of processes and of files are very different. For
+> example, with processes, there are notions of revoked access; processes
+> are reused to hold several programs often running with different
+> credentials.
+>
+> The behavior I'm aware of that currently relies on procfs and has not yet
+> been adapted to use ptrace() or sysctl() are:
+>
+> ps -e   Relies on groping around in the address space of each
+>         process to display environmental variables.

I've prepared a patch for this:

	http://garage.freebsd.pl/patches/ps-e.patch

+> truss   Relies on the event model of procfs; there have been some
+>         initial patches and discussion of migrating truss to ptrace() but
+>         I don't think we have anything very usable yet. I'd be happy to
+>         be corrected on this. :-)

Hmm, why change this behaviour? Is there any functionality that
ktrace(1) doesn't provide?
IMHO making ugly hacks just to make truss(1) (for years procfs-dependent)
work without procfs is a bad idea.
It could only display some friendly message that procfs isn't mounted
instead of:

	truss: cannot open /proc/25217/mem: No such file or directory
	truss: cannot open /proc/curproc/mem: No such file or directory

-- 
Pawel Jakub Dawidek                       pawel@dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
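
Added example, not part of the original message and not truss's own code: one way a procfs-dependent tool could give the friendly diagnostic suggested above, by checking the filesystem type of /proc with statfs(2) before it tries to open /proc/<pid>/mem. The helper names is_procfs() and require_procfs() and the message wording are assumptions; the Linux branch is there only so the code also builds outside FreeBSD.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/vfs.h>
#define PROC_MAGIC 0x9fa0L      /* PROC_SUPER_MAGIC in <linux/magic.h> */
#else
#include <sys/param.h>
#include <sys/mount.h>
#endif

/* 1: path is on procfs, 0: some other filesystem, -1: statfs() failed. */
static int is_procfs(const char *path)
{
    struct statfs sb;
    if (statfs(path, &sb) == -1)
        return -1;
#ifdef __linux__
    return sb.f_type == PROC_MAGIC;
#else
    return strcmp(sb.f_fstypename, "procfs") == 0;
#endif
}

/* Hypothetical helper (assumption, not truss's code): returns 0 if root is
 * procfs, else -1 with the reason /proc/<pid>/mem is unusable in msg. */
static int require_procfs(const char *root, char *msg, size_t len)
{
    switch (is_procfs(root)) {
    case 1:
        msg[0] = '\0';
        return 0;
    case 0:
        snprintf(msg, len, "procfs is not mounted on %s; mount it "
            "(mount -t procfs proc %s) or use ktrace(1)", root, root);
        return -1;
    default:
        snprintf(msg, len, "cannot check %s: %s", root, strerror(errno));
        return -1;
    }
}

int main(void)
{
    char msg[256];
    if (require_procfs("/proc", msg, sizeof(msg)) != 0)
        fprintf(stderr, "truss: %s\n", msg);
    return 0;
}
```

Checking the filesystem type rather than the mere existence of the /proc directory also catches the case where /proc exists as an empty mount point, which is what produces the "No such file or directory" errors quoted in the message.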