Re: A few thoughts..
From: Peter Jeremy (PeterJeremy_at_optushome.com.au)
Date: 03/30/05
Date: Thu, 31 Mar 2005 04:42:25 +1000
To: "H. S." <security@revolutionsp.com>

On Wed, 2005-Mar-30 11:06:53 -0600, H. S. wrote:
>As I stated previously, I'm not much of a C programmer, but I can do some
>coding. I've been thinking into changing the core of the system a bit to
>return errors if some information is accessed by a normal user.

Wouldn't making /sbin and /usr/sbin mode 750 be enough?

> I'd like
>to know if getuid() would work that deep in the system?

In general, system calls can't be used within the kernel. The uid and
gid could be determined by directly dereferencing curproc or the
thread pointer passed around in most kernel internal calls. Note that
the only checks the (non-MAC) kernel currently does is "root" or
"not-root" using suser(9) (apart from the checks in kill(2)).
Restrictions for non-root users are implemented using file
permissions.

> And how can I register sysctl mibs in the kernel ?

Look at sysctl(3), /sys/sys/sysctl.h and (eg) /sys/kern/subr_msgbuf.c

--
Peter Jeremy
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
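
Added example, not part of the original message: a small POSIX sh audit for the file-permission approach suggested above, reporting whether a directory such as /sbin or /usr/sbin is still listable or enterable by users outside its owner and group (mode 750 leaves the "other" triplet empty). The function names `other_bits` and `audit_dirs` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Usage: sh audit.sh /sbin /usr/sbin

# Print the "other" permission triplet of a directory: characters 8-10 of the
# ls mode string (drwxr-x--- -> "---"). -L follows a symlinked directory.
other_bits() {
    ls -ldL -- "$1" | cut -c8-10
}

# Print one status line per directory.
# Returns 0 only if every directory exists and grants nothing to "other".
audit_dirs() {
    rc=0
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"
            rc=1
            continue
        fi
        bits=$(other_bits "$dir")
        if [ "$bits" = "---" ]; then
            echo "RESTRICTED $dir"
        else
            # Any r, w, x (or sticky t) bit here means non-group users get access.
            echo "OPEN $dir other=$bits"
            rc=1
        fi
    done
    return $rc
}

# Audit the directories given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_dirs "$@"
fi
```

The exit status is non-zero when any audited directory is missing or open to "other", so the script can gate a configuration check.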