Date: Wed, 1 May 2002 22:22:18 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: arch@freebsd.org
Subject: Re: deperlifying sockstat(1)
Message-ID: <Pine.NEB.3.96L.1020501222055.21461D-100000@fledge.watson.org>
In-Reply-To: <Pine.NEB.3.96L.1020501221605.21461B-100000@fledge.watson.org>

On Wed, 1 May 2002, Robert Watson wrote:

> I'd love it if neither netstat nor sockstat required privilege to run,
> and could extract it all from sysctl. If you do that, make sure you
> call appropriate socket visibility hooks in the sysctl export so that it
> DTRT for jail, MAC, etc. Eliminating setgid kmem even more will
> continue to markedly improve the security of FreeBSD 5.0... I tweaked a
> couple out, and Thomas Moestl did a large chunk of the remainder, but
> there are still some that are left. In particular fixing systat would
> be highly desirable, as it does a fair amount of I/O.

FWIW, reviewing the binaries on my system, systat is no longer setgid.
Thomas got it already.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message