HomeFreeBSD

Prior to support for almost all ps activity via sysctl, ps used procfs,
rS81107Unpublished

Unpublished Commit ยท Learn More

No further details are available.

Description

Prior to support for almost all ps activity via sysctl, ps used procfs,
and so special-casing was introduced to provide extra procfs privilege
to the kmem group. With the advent of non-setgid kmem ps, this code
is no longer required, and in fact, can is potentially harmful as it
allocates privilege to a gid that is increasingly less meaningful.
Knowledge of specific gid's in kernel is also generally bad precedent,
as the kernel security policy doesn't distinguish gid's specifically,
only uid 0.

This commit removes reference to kmem in procfs, both in terms of
access control decisions, and the applying of gid kmem to the
/proc/*/mem file, simplifying the associated code considerably.
Processes are still permitted to access the mem file based on
the debugging policy, so ps -e still works fine for normal
processes and use.

Reviewed by: tmm
Obtained from: TrustedBSD Project

Details

Provenance
rwatsonAuthored on
Parents
rS81106: Don't terminate the uiomove() loop on a zero-length mbuf. It's not
Branches
Unknown
Tags
Unknown

Event Timeline