Date: Mon, 26 Jan 2009 05:28:29 +1100 (EST) From: Bruce Evans <brde@optusnet.com.au> To: Ed Schouten <ed@80386.nl> Cc: svn-src-head@freebsd.org, Tom Rhodes <trhodes@freebsd.org>, svn-src-all@freebsd.org, src-committers@freebsd.org, Bruce Evans <brde@optusnet.com.au> Subject: Re: svn commit: r187607 - head/usr.bin/truss Message-ID: <20090126051910.E2148@besplex.bde.org> In-Reply-To: <20090125175751.GC17198@hoeg.nl> References: <200901230058.n0N0wEjY026935@svn.freebsd.org> <20090125162123.GB17198@hoeg.nl> <20090126041926.J43097@delplex.bde.org> <20090125175751.GC17198@hoeg.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 25 Jan 2009, Ed Schouten wrote: > * Bruce Evans <brde@optusnet.com.au> wrote: >> I think it is the longstanding kernel bug in permissions checking >> generally, that the init process and some other non-kernel processes >> are bogusly marked as P_SYSTEM. I use the following fix (this may >> be incomplete): >> >> <snip> > > I just looked at the patch and it seems to do the right thing. I can't > seem to find any places in the kernel where it makes sense to let > init(8) use P_SYSTEM (except kern_sig.c ofcourse). I like the cleanups > you made, especially the comparisons with initproc instead of using the > pid. > > Would you mind if I commit your patch to SVN? OK, but please think about the following possible problems: - permissions should be decided in the usual way for init (root should not be restricted except for impossible things), but maybe something (jail?) depends on extra restrictions. - P_SYSTEM has something to do with swapping, and I also removed the PS_INMEM setting for init. I have always used NO_SWAPPING and haven't used a swap partition since memory sizes reached 64MB, so I wouldn't have noticed problems with this. init doesn't run often so it is quite likely to be swapped (if allowed to) if real memory runs out. Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090126051910.E2148>