Re: how to deny reading of several sysctls (for a set of uids, f.e.)
- From: Max Laier <max@xxxxxxxxxxxxxx>
- Date: Tue, 23 Jan 2007 14:10:19 +0100
On Tuesday 23 January 2007 12:44, Andrew N. Below wrote:
> System - RELENG_6.
>
> The easiest way I found is to patch libc.
> But in this case we can still get an original library and use
> LD_PRELOAD.
>
> Is there any way to obtain the uid of the calling process (thread?)
> within the kernel?
>
> We have the following extern in src/lib/libc/gen/sysctl.c:
> [..]
> extern int __sysctl(int *name, u_int namelen, void *oldp, size_t
> *oldlenp, void *newp, size_t newlen);
> [..]
>
> And there is __sysctl (src/sys/kern/kern_sysctl.c):
> [..]
> /*
>  * MPSAFE
>  */
> int
> __sysctl(struct thread *td, struct sysctl_args *uap)
> [..]
>
> 1. Is this function called from libc sysctl()?
> 2. What can we get from td here? My knowledge of the FreeBSD kernel
> and kernel threads is not yet enough to understand this.

td->td_proc->p_ucred has the user credentials. You probably want to do
your checks in userland_sysctl() according to the comment just above.

> I also thought about passing a control variable from libc
> to the kernel, but it seems to be a bad idea.
>
> Any other ways?
--
/"\ Best regards, | mlaier@xxxxxxxxxxx
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
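
The check suggested in the reply, sketched as a user-space C model (an added example, not code from this thread or from FreeBSD). The three structs are minimal stand-ins for the kernel types reached through td->td_proc->p_ucred; the deny table, its MIB numbers and the function name sysctl_read_denied() are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>

/* Minimal stand-ins for the kernel structures named in the reply. */
struct ucred  { uid_t cr_uid; };
struct proc   { struct ucred *p_ucred; };
struct thread { struct proc *td_proc; };

/* Hypothetical policy entry: uids in [uid_lo, uid_hi] may not read any
 * OID whose numeric name begins with prefix[0..plen-1]. */
struct sysctl_deny {
	uid_t uid_lo, uid_hi;
	unsigned int plen;
	int prefix[4];
};

/* Constructed sample policy; the MIB numbers are illustrative only. */
static const struct sysctl_deny deny_tab[] = {
	{ 1000, 1999, 2, { 1, 14 } },	/* subtree 1.14.* for uids 1000-1999 */
	{ 2000, 2000, 1, { 6 } },	/* subtree 6.* for uid 2000 */
};

/*
 * Returns 0 to allow, EPERM to refuse.  Assumed call site: userland_sysctl(),
 * once the numeric name has been copied in.  A request counts as a read when
 * it supplies an output buffer or asks for the length (size probe).
 */
int
sysctl_read_denied(const struct thread *td, const int *name,
    unsigned int namelen, const void *old, const size_t *oldlenp)
{
	uid_t uid = td->td_proc->p_ucred->cr_uid;
	size_t i;
	unsigned int j;

	if (old == NULL && oldlenp == NULL)
		return (0);		/* write-only request: not filtered here */
	for (i = 0; i < sizeof(deny_tab) / sizeof(deny_tab[0]); i++) {
		const struct sysctl_deny *d = &deny_tab[i];

		if (uid < d->uid_lo || uid > d->uid_hi || namelen < d->plen)
			continue;
		for (j = 0; j < d->plen && name[j] == d->prefix[j]; j++)
			;
		if (j == d->plen)
			return (EPERM);	/* every prefix component matched */
	}
	return (0);
}
```

Because the comparison is made on the numeric OID inside the kernel, it does not depend on which libc the process loaded, which is the LD_PRELOAD concern raised in the question.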