Source-Changes-D archive


Re: CVS commit: src/usr.bin/pmap



On 24.06.2011 00:50, Christos Zoulas wrote:
> Module Name:  src
> Committed By: christos
> Date:         Thu Jun 23 22:50:54 UTC 2011
> 
> Modified Files:
>       src/usr.bin/pmap: main.c
> 
> Log Message:
> Don't give out information about processes we can't control.

Thanks to Aleksey and you for fixing the procfs leak.

I wonder whether pmap's code is the right place to check for
"information" access control. It's difficult to modify except by
patching the source, does not protect from abusing/finding exploits to
circumvent the check (any executable that has kmem sgid rights is a
target), and there are other potential tools usable out there (lsof(1),
maybe?).

Isn't it something that rather fits the kauth(9) ACLs?

-- 
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost

