Date:      Fri, 3 Aug 2001 10:13:23 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/fs/procfs procfs.h procfs_mem.c procfs_vnops.c
Message-ID:  <200108031713.f73HDNA44562@freefall.freebsd.org>

rwatson     2001/08/03 10:13:23 PDT

  Modified files:
    sys/fs/procfs        procfs.h procfs_mem.c procfs_vnops.c 
  Log:
  Prior to support for almost all ps activity via sysctl, ps used procfs,
  and so special-casing was introduced to provide extra procfs privilege
  to the kmem group.  With the advent of non-setgid kmem ps, this code
  is no longer required, and in fact, is potentially harmful as it
  allocates privilege to a gid that is increasingly less meaningful.
  Knowledge of specific gid's in kernel is also generally bad precedent,
  as the kernel security policy doesn't distinguish gid's specifically,
  only uid 0.
  
  This commit removes reference to kmem in procfs, both in terms of
  access control decisions, and the applying of gid kmem to the
  /proc/*/mem file, simplifying the associated code considerably.
  Processes are still permitted to access the mem file based on
  the debugging policy, so ps -e still works fine for normal
  processes and use.
  
  Reviewed by:	tmm
  Obtained from:	TrustedBSD Project
  
  Revision  Changes    Path
  1.36      +1 -3      src/sys/fs/procfs/procfs.h
  1.53      +5 -35     src/sys/fs/procfs/procfs_mem.c
  1.100     +6 -7      src/sys/fs/procfs/procfs_vnops.c


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108031713.f73HDNA44562>