Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 12 Feb 2001 20:33:49 -0800
From:      Peter Wemm <peter@netplex.com.au>
To:        Matt Dillon <dillon@earth.backplane.com>
Cc:        Warner Losh <imp@harmony.village.org>, Robert Watson <rwatson@FreeBSD.ORG>, Peter Pentchev <roam@orbitel.bg>, Dag-Erling Smorgrav <des@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject:   Re: cvs commit: src/sys/vm vm_zone.c vm_zone.h 
Message-ID:  <200102130433.f1D4XnU58135@mobile.wemm.org>
In-Reply-To: <200102121823.f1CINTB07769@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Matt Dillon wrote:
> :Warner Losh wrote:
> :> In message <Pine.NEB.3.96L.1010122142028.19966D-100000@fledge.watson.org> 
    Rob
> :    ert Watson writes:
> :> : appreciated.   (this will also make it easier for portable kernel
> :> : monitoring tools to be written, and allow graphical monitoring tools to
> :> : run with less privilege).
> :> 
> :> And generally make for a happier security officer team :-)
> :
> :And an unhappier team of people dealing with kernel crashdumps. :-(
> :
> :All this sysctl stuff is fine, but dont kill the crashdump reading code!
> :If -M or -N are specified then use the old way (and require root to be
> :running it).  Without -M or -N, use sysctl. 
> :
> :Cheers,
> :-Peter
> 
>    You don't need root to use -M and -N, you only need to be able to
>    access the dump files.

Sorry for not being specific about it.  I didn't mean to check for uid ==
root, I meant just rely on the user's existing privs to read the files.

But one had better hope that the dump files are only root accessible -
imagine all the priviliged info that could be in there...  (master.passwd,
spwd.db, ssh-agent in-memory decoded private keys, etc)

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102130433.f1D4XnU58135>