Date:      Thu, 15 Jan 2004 23:47:53 -0500
From:      Damian Gerow <dgerow@afflictions.org>
To:        Robert Watson <rwatson@freebsd.org>
Cc:        current@freebsd.org
Subject:   Re: Problems with net/net-snmp on 5.2-RELEASE?
Message-ID:  <20040116044753.GD26549@afflictions.org>
In-Reply-To: <Pine.NEB.3.96L.1040115183701.77946B-100000@fledge.watson.org>
References:  <20040115213447.GA40114@afflictions.org> <Pine.NEB.3.96L.1040115183701.77946B-100000@fledge.watson.org>

Thus spake Robert Watson (rwatson@freebsd.org) [15/01/04 19:10]:
: > Whoops.  Found the problem -- the default install of 5.2 doesn't appear
: > to mount /proc by default.  Mounted, problem (mostly) fixed.  Still have
: > some permission issues, but those I can handle. 
: 
: Hmm.  Do you have any idea why the SNMP agent needs access to procfs? 
: We've been trying to deprecate use of procfs due to long-standing security
: issues with the procfs approach (just look at the vulnerability lists for
: FreeBSD, Linux, and Solaris to see why...)  There are some services in
: procfs not found using the other interfaces, but frequently applications
: can get access to everything they need using either libkvm (which uses
: sysctl()), or using ptrace(). 

The abort happens when polling for .1.3.6.1.4.1.2021.10.1.5.1 and
.1.3.6.1.4.1.2021.10.1.5.2 -- ucdavis.laTable.laEntry.laLoadInt.1 and .2,
respectively.  I'm not sure why, exactly, as I haven't had the time to go
into in-depth debugging.  A quick attempt at running it through truss gives
me this:

    newhost# truss -o snmpd.out snmpd -DALL -Lf snmpd.debug -f
    truss: truss: cannot open /proc/curproc/mem: No such file or directory
    cannot open /proc/13877/mem: No such file or directory
    newhost# 

Pulling out process checks from snmpd.conf doesn't change its behaviour,
unsurprisingly.

Anything else you'd like me to try?

(And FWIW, no matter how I set the permissions, if snmpd isn't running as
root, it fails on opening /dev/mem.  I've currently got it set to 0660, and
the user snmpd runs as is part of the kmem group (yeah yeah, I know...).
For some reason, this Just Works on -STABLE, without the need to change
permissions or group membership.)

  - Damian


