DragonFly submit List (threaded) for 2005-09
[PATCH] Move various sysctls to node security
Hi,
I moved the following sysctls to a new parent node named security:
- kern.ps_showallprocs
- kern.ps_showallthreads
- kern.unprivileged_read_msgbuf
- kern.hardlink_check_uid
- kern.hardlink_check_gid
I think security is more intuitive than kern :)
Discussed with: joerg@ on IRC
Matthias
diff -urN sys.orig/kern/kern_mib.c sys/kern/kern_mib.c
--- sys.orig/kern/kern_mib.c 2005-09-30 11:12:54.000000000 +0200
+++ sys/kern/kern_mib.c 2005-09-30 13:25:52.000000000 +0200
@@ -74,6 +74,8 @@
"p1003_1b, (see p1003_1b.h)");
SYSCTL_NODE(, CTL_LWKT, lwkt, CTLFLAG_RW, 0,
"light weight kernel threads");
+SYSCTL_NODE(, OID_AUTO, security, CTLFLAG_RW, 0,
+ "Security");
SYSCTL_NODE(, OID_AUTO, compat, CTLFLAG_RW, 0,
"Compatibility code");
diff -urN sys.orig/kern/kern_proc.c sys/kern/kern_proc.c
--- sys.orig/kern/kern_proc.c 2005-09-30 11:12:54.000000000 +0200
+++ sys/kern/kern_proc.c 2005-09-30 13:43:13.000000000 +0200
@@ -58,12 +58,15 @@
static MALLOC_DEFINE(M_PROC, "proc", "Proc structures");
MALLOC_DEFINE(M_SUBPROC, "subproc", "Proc sub-structures");
+SYSCTL_DECL(_security);
int ps_showallprocs = 1;
static int ps_showallthreads = 1;
-SYSCTL_INT(_kern, OID_AUTO, ps_showallprocs, CTLFLAG_RW,
- &ps_showallprocs, 0, "");
-SYSCTL_INT(_kern, OID_AUTO, ps_showallthreads, CTLFLAG_RW,
- &ps_showallthreads, 0, "");
+SYSCTL_INT(_security, OID_AUTO, ps_showallprocs, CTLFLAG_RW,
+ &ps_showallprocs, 0,
+ "Unprivileged processes can see proccesses with different UID/GID");
+SYSCTL_INT(_security, OID_AUTO, ps_showallthreads, CTLFLAG_RW,
+ &ps_showallthreads, 0,
+ "Unprivileged processes can see kernel threads");
static void pgdelete (struct pgrp *);
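Review bot: Moving `ps_showallprocs` and `ps_showallthreads` from `_kern` to `_security` drops the old `kern.*` names without leaving an alias, and both variables default to 1, the permissive setting. A system whose sysctl configuration sets `kern.ps_showallprocs=0` would presumably fail to apply that line after this change and go back to showing all processes to unprivileged users. The same holds for `unprivileged_read_msgbuf` in subr_prf.c (default 1) and `hardlink_check_uid`/`hardlink_check_gid` in vfs_syscalls.c (default 0, checks off). Consider keeping the old `_kern` entries bound to the same variables for a transition period, or calling out the rename in the upgrade notes. Separately, the new description has a typo and should read `"Unprivileged processes can see processes with different UID/GID"`.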
diff -urN sys.orig/kern/subr_prf.c sys/kern/subr_prf.c
--- sys.orig/kern/subr_prf.c 2005-09-30 11:12:56.000000000 +0200
+++ sys/kern/subr_prf.c 2005-09-30 13:43:28.000000000 +0200
@@ -100,8 +100,9 @@
SYSCTL_INT(_kern, OID_AUTO, log_console_output, CTLFLAG_RW,
&log_console_output, 0, "");
+SYSCTL_DECL(_security);
static int unprivileged_read_msgbuf = 1;
-SYSCTL_INT(_kern, OID_AUTO, unprivileged_read_msgbuf, CTLFLAG_RW,
+SYSCTL_INT(_security, OID_AUTO, unprivileged_read_msgbuf, CTLFLAG_RW,
&unprivileged_read_msgbuf, 0,
"Unprivileged processes may read the kernel message buffer");
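Review bot: `SYSCTL_DECL(_security);` is repeated here and again in kern_proc.c and vfs_syscalls.c, so every future file that adds a `security.*` knob has to carry its own declaration. The node is defined once in kern_mib.c, so declaring it once in the shared sysctl header next to the other top-level nodes (presumably where `_kern` is declared) would keep the files in step and let these per-file lines be dropped.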
diff -urN sys.orig/kern/vfs_syscalls.c sys/kern/vfs_syscalls.c
--- sys.orig/kern/vfs_syscalls.c 2005-09-30 11:12:57.000000000 +0200
+++ sys/kern/vfs_syscalls.c 2005-09-30 13:43:41.000000000 +0200
@@ -1569,13 +1569,14 @@
return (error);
}
+SYSCTL_DECL(_security);
static int hardlink_check_uid = 0;
-SYSCTL_INT(_kern, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
+SYSCTL_INT(_security, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
&hardlink_check_uid, 0,
"Unprivileged processes cannot create hard links to files owned by other "
"users");
static int hardlink_check_gid = 0;
-SYSCTL_INT(_kern, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
+SYSCTL_INT(_security, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
&hardlink_check_gid, 0,
"Unprivileged processes cannot create hard links to files owned by other "
"groups");