Date:      Sat, 24 Jul 1999 11:24:39 -0600
From:      Nate Williams <nate@mt.sri.com>
To:        jkoshy@FreeBSD.ORG
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: deny ktrace without read permissions?
Message-ID:  <199907241724.LAA13835@mt.sri.com>
In-Reply-To: <199907240512.WAA19120@freefall.freebsd.org>
References:  <199907240512.WAA19120@freefall.freebsd.org>

> 
> PR bin/3546 asks that `ktrace(1)' not be allowed on files that do not have
> read permissions for the user attempting to execute them.
> 
> The intent of this change is to prevent a user from seeing how an
> executable with '--x--x--x' perms works by ktrace'ing its execution.  
> 
> My question to the -hackers is: is this a useful semantic?  Would it break
> anything if added?

If we make kernel auditing based upon KTRACE (which may or may not
happen), this is not a useful change since we need to be able to 'audit'
system calls regardless of whether or not KTRACE is used.  If this kind
of addition is done, then it'll have to be removed since system auditing
must occur and be essentially 'independent' of what options are used.

If adding auditing has a negative effect on the successful completion of
a system call, then it's not going to be used.  (There are certain
things that can't be avoided, such as additional CPU/memory use, but it
should not affect whether or not the syscall is completed.)

Also, I believe that KTRACE should be allowed since security through
obscurity isn't a good reason to avoid letting the user see the
syscall.  If security is an issue, KTRACE shouldn't be in the system
kernel.


Nate

