Source-Changes-D archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: src/usr.bin/pmap
On 24.06.2011 00:50, Christos Zoulas wrote:
> Module Name: src
> Committed By: christos
> Date: Thu Jun 23 22:50:54 UTC 2011
>
> Modified Files:
> src/usr.bin/pmap: main.c
>
> Log Message:
> Don't give out information about processes we can't control.
Thanks to Aleksey and you for fixing the procfs leak.
I wonder whether pmap's code is the right place to check for
"information" access control. It's difficult to modify except by
patching the source, does not protect from abusing/finding exploits to
circumvent the check (any executable that has kmem sgid rights is a
target), and there are other potential tools usable out there (lsof(1),
maybe?).
Isn't it something that rather fits the kauth(9) ACLs?
--
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost
Home |
Main Index |
Thread Index |
Old Index