Date: Tue, 30 Jan 2001 12:18:46 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Hajimu UMEMOTO <ume@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: ports/sysutils/gkrellm Makefile distinfo
Message-ID: <Pine.NEB.3.96L.1010130120411.29561C-100000@fledge.watson.org>
In-Reply-To: <20010130085013.B51965@xor.obsecurity.org>

On Tue, 30 Jan 2001, Kris Kennaway wrote:

> On Tue, Jan 30, 2001 at 04:06:59AM -0800, Hajimu UMEMOTO wrote:
> > ume         2001/01/30 04:06:59 PST
> >
> >   Modified files:
> >     sysutils/gkrellm     Makefile distinfo
> >   Log:
> >   Update to 1.0.6.
> >   If linprocfs is available, this version works with no extra kmem
> >   privilege under 5.0-CURRENT.  In this time, since we cannot obtain
> >   swap information by safety way, when gkrellm cannot access kmem,
> >   gkrellm tries to use linprocfs for swap information.
>
> Argh, the slippery slope begins!
>
> We need to make this information available via regular procfs (you sure
> it's not already?)  Native applications *should not* need to use
> linprocfs.

I agree on this front -- it would be nice if only Linux native binary
applications made use of linprocfs. If we do discover deficiencies in the
data exported from sysctl (or via ioctl's/whatever), we should fix it
instead of introducing new kmem dependencies.

I'd like for us to have a goal of eliminating all setgid-kmem binaries
from 5.0-RELEASE. Right now, that means we need to look at cleaning up (as
of a Dec 6 -CURRENT box, I think, so may have changed some):

    ccdconfig  dmesg     fstat   ipcs   netstat   nfsstat  systat
    top        vmstat    ifmcstat  iostat  pstat  swapinfo  trpt

If ccd is now deprecated by vinum, we should probably just remove the flag
from ccdconfig and make it require root access. Dmesg should be modified
to use a sysctl, and if not already done, exporting the msgbuf via sysctl
should be straight-forward enough. Most of the others can be fixed to use
sysctl, although new information will have to be exposed; not sure how to
handle fstat, ipcs, or trpt. systat needs to be updated to use the network
information gathering sysctl code in netstat; I think I fixed most other
instances of systat relying on kmem. The VM system needs to export
bucket/pool information using sysctl still, I believe, to get vmstat doing
the right thing.

Some caution does need to be exercised in exporting information about the
system, especially per-process information, which should be properly
limited using p_can(...P_CANSEE) so as to pay attention to jail() and
future MAC code.

For some reason, doscmd is group kmem, but not setgid. doscmd should be
switched to match other binaries.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
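
An added example (not part of the original message, and not FreeBSD's own tooling): a shell audit that lists the setgid-kmem files the message proposes to eliminate and separately flags files that are group kmem without the setgid bit, the inconsistency noted for doscmd. The function names and output labels are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original message.
# Assumption: the privileged group is "kmem"; it is a parameter so any
# group name or numeric gid can be audited.

# audit_group GROUP DIR...
# Prints one line per regular file whose group is GROUP:
#   SETGID <path>      setgid bit set: runs with GROUP's privileges
#   GROUP-ONLY <path>  group matches but no setgid bit (the doscmd case)
audit_group() {
    grp=$1
    shift
    # -perm -2000 selects files that have the setgid bit set.
    find "$@" -type f -group "$grp" -perm -2000 \
        -exec printf 'SETGID %s\n' {} +
    find "$@" -type f -group "$grp" ! -perm -2000 \
        -exec printf 'GROUP-ONLY %s\n' {} +
}

# no_setgid_left GROUP DIR...
# Exit status 0 only when no setgid-GROUP file remains, so it can gate a
# release build on the "no setgid-kmem binaries" goal.
no_setgid_left() {
    # grep -c exits non-zero on zero matches; "|| true" keeps the count.
    found=$(audit_group "$@" | grep -c '^SETGID ' || true)
    [ "$found" -eq 0 ]
}

# Typical use on a FreeBSD system (run by hand, not executed here):
#   audit_group kmem /bin /sbin /usr/bin /usr/sbin
#   no_setgid_left kmem /bin /sbin /usr/bin /usr/sbin || echo "cleanup pending"
```
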