Date: Tue, 23 Jan 2007 14:10:19 +0100
From: Max Laier <max@love2party.net>
To: freebsd-hackers@freebsd.org
Cc: "Andrew N. Below" <defan@zenon.net>
Subject: Re: how to deny reading of several sysctls (for a set of uids, f.e.)
Message-ID: <200701231410.25946.max@love2party.net>
In-Reply-To: <082f01c73ee3$c6b3f810$970da8c0@jam.zenon.net>
References: <082f01c73ee3$c6b3f810$970da8c0@jam.zenon.net>

On Tuesday 23 January 2007 12:44, Andrew N. Below wrote:
> System - RELENG_6.
>
> Easiest way I found is to patch libc.
> But in this case we still can get an original library and use
> LD_PRELOAD.
>
> Is there any way to obtain uid of calling process (thread?)
> within the kernel?
>
> We have following extern in src/lib/libc/gen/sysctl.c:
> [..]
> extern int __sysctl(int *name, u_int namelen, void *oldp, size_t
> *oldlenp, void *newp, size_t newlen);
> [..]
>
> And there is __sysctl (src/sys/kern/kern_sysctl.c):
>
> [..]
> /*
>  * MPSAFE
>  */
> int
> __sysctl(struct thread *td, struct sysctl_args *uap)
> [..]
>
> 1. Whether this function is called from libc sysctl() ?
>
> 2. What can we get from td here? My knowledge about FreeBSD kernel
> and kernel threads is not yet enough for understanding this.

td->td_proc->p_ucred has the user credentials. You probably want to do
your checks in userland_sysctl() according to the comment just above.

> I also thought about passing control variable from libc
> to kernel, but it seems to be bad idea.
>
> Any other ways?

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
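
The credential check suggested in the reply above, sketched as an added example that is not part of the original message or of FreeBSD's source: a userland model that follows td->td_proc->p_ucred to the caller's uid and refuses requests for selected MIB subtrees. The struct definitions are minimal stand-ins using the kernel's field names; the function name sysctl_uid_check, the deny tables and all uid/OID values are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Userland stand-ins that mirror the kernel field names from the reply. */
struct ucred  { uid_t cr_uid; };
struct proc   { struct ucred *p_ucred; };
struct thread { struct proc *td_proc; };
struct mib_prefix { int oid[4]; unsigned len; };
/* Hypothetical policy tables; every value here is a constructed sample. */
static const uid_t denied_uids[] = { 1001, 1002 };
static const struct mib_prefix denied_mibs[] = {
    { { 1, 10 }, 2 },   /* one specific node */
    { { 6 }, 1 },       /* an entire subtree */
};
#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

static int mib_has_prefix(const int *name, unsigned namelen, const struct mib_prefix *p)
{
    for (unsigned i = 0; i < p->len; i++)
        if (i >= namelen || name[i] != p->oid[i])
            return (0);     /* name is shorter than, or differs from, the prefix */
    return (1);
}

/* Hypothetical check: returns 0 to allow the request, EPERM to refuse it. */
int sysctl_uid_check(const struct thread *td, const int *name, unsigned namelen)
{
    uid_t uid = td->td_proc->p_ucred->cr_uid;
    size_t i;
    for (i = 0; i < NELEM(denied_uids) && denied_uids[i] != uid; i++)
        continue;
    if (i == NELEM(denied_uids))
        return (0);             /* caller's uid is not restricted */
    for (i = 0; i < NELEM(denied_mibs); i++)
        if (mib_has_prefix(name, namelen, &denied_mibs[i]))
            return (EPERM);
    return (0);
}

int main(void)
{
    struct ucred cr = { 1001 };
    struct proc p = { &cr };
    struct thread td = { &p };
    int hw[] = { 6, 3 }, other[] = { 1, 1 };
    printf("%d %d\n", sysctl_uid_check(&td, hw, 2), sysctl_uid_check(&td, other, 2));
    return (0);
}
```

Matching on the numeric MIB prefix rather than on a name means a request for a parent of a denied node (here the single-element name { 1 }) is still allowed by this model. In the kernel itself, td->td_ucred holds the thread's own credential reference and can be read without taking the process lock.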