This is needed for capsicumization of some network code. These lists
are maintained by the kernel and can be dumped by any user (e.g., with
ndp -p or ndp -r); I can't see any reason to prohibit access in cap
mode.
I considered that and decided not to for two reasons:
1. These sysctls don't have names, so the existing API isn't sufficient.
2. It seems a bit silly - what do we gain by restricting access to these read-only sysctls?
If 1) can be addressed, I'll do it, but I don't understand the threat model which makes that approach preferable.
I don't need this after all: the code which uses the sysctl value performs some other actions which require a casper helper.
We also discussed this a bit at MeetBSD; Mariusz made the point that the approach of exposing whichever random sysctls happen to be needed isn't really sustainable. I'm doing some work to flesh out cap_sysctl a bit further.