NetBSD-Bugs archive


bin/43587: stupid error message during boot from sysctl if no COMPAT40 in kernel

>Number:         43587
>Category:       bin
>Synopsis:       stupid error message during boot from sysctl if no COMPAT40 in 
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Jul 09 10:20:00 +0000 2010
>Originator:     Wolfgang Stukenbrock
>Release:        NetBSD 5.0.2
Dr. Nagler & Company GmbH
System: NetBSD s013 5.0.2 NetBSD 5.0.2 (NSW-S013) #2: Fri Jul 9 11:02:34 CEST 2010 root@s013:/usr/src/sys/arch/amd64/compile/NSW-S013 amd64
Architecture: x86_64
Machine: amd64
        In /etc/sysctl.conf the line "kern.no_sa_support?=1" tries to disable KERN_SA from
        the COMPAT40 as default for security reasons. This is OK.
        But if the kernel is compiled without COMPAT40, the option KERN_SA is not defined
        in the kernel build and this variable gets read-only with the value 1.
        This conflicts with the intention of "?=" of sysctl. The "?=" assumes that the variable
        is not there and will ignore the line silently.
        But the variable is present (with value "1"), so sysctl is going to set the variable.
        Due to the fact that it is read-only, this fails with an error message during boot on the console.

        Compile a kernel without COMPAT40 support and boot it.

        There are two ways to "fix" this problem.
        1. do not create the kernel variable if KERN_SA is not defined.
        2. keep sysctl from setting a variable to the same value with "?=" it has before.

        I'm not sure about any effects of version 1.
        So I would prefer version 2, but I don't know if some other variables in the kernel
        depend on the ability to set the same value again (with "?=") and trigger some actions.

        As a workaround for now I ignore the error message on the console, because it sounds too
        dangerous for me to comment out this security setting in /etc/sysctl.conf for the case
        that another kernel with COMPAT40 gets built on the system.
        (I'm sure no one will remember the change to /etc/sysctl.conf in that case ....)

        I've not the time to create a patch for version 2 at the moment. Perhaps in one or two
        months if this report is still open. Sorry.
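
The reporter's second option (leave a "?=" variable alone when it already holds the requested value), sketched as a shell wrapper around sysctl(8). This is an added example, not code from the report or from NetBSD; `apply_setting`, `SYSCTL_CMD` and `mock_sysctl` are hypothetical names, and `mock_sysctl` is a constructed stand-in for a kernel built without COMPAT40.

```shell
#!/bin/sh
# SYSCTL_CMD (hypothetical knob) lets the logic run against a stand-in;
# it defaults to the real sysctl(8).
: "${SYSCTL_CMD:=sysctl}"

# apply_setting 'name?=value' or 'name=value'
# Prints one of: skipped-missing, skipped-unchanged, set, failed
apply_setting() {
    line=$1
    case $line in
        *'?='*) name=${line%%\?=*}; value=${line#*\?=}; optional=1 ;;
        *=*)    name=${line%%=*};   value=${line#*=};   optional=0 ;;
        *)      echo failed; return 1 ;;
    esac
    if current=$($SYSCTL_CMD -n "$name" 2>/dev/null); then
        # Variable exists: with "?=", a value that already matches is left
        # alone, so a read-only node holding that value raises no error.
        if [ "$optional" -eq 1 ] && [ "$current" = "$value" ]; then
            echo skipped-unchanged; return 0
        fi
    elif [ "$optional" -eq 1 ]; then
        # Variable absent: "?=" ignores the line silently.
        echo skipped-missing; return 0
    fi
    # A differing value is still written, so a kernel that does support
    # the knob gets the hardened setting and a failed write stays visible.
    if $SYSCTL_CMD -w "$name=$value" >/dev/null 2>&1; then
        echo set
    else
        echo failed; return 1
    fi
}

# Constructed stand-in for a kernel without COMPAT40: kern.no_sa_support
# exists, reads 1 and rejects writes; kern.maxfiles is an ordinary node.
mock_sysctl() {
    case "$1 $2" in
        "-n kern.no_sa_support") echo 1 ;;
        "-n kern.maxfiles")      echo 1000 ;;
        "-n "*)                  return 1 ;;
        "-w kern.no_sa_support="*) return 1 ;;
        "-w "*)                  return 0 ;;
    esac
}
```

Any variable that relies on a same-value write to trigger an action, the open question raised in the report, would no longer be triggered by a "?=" line under this behaviour.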

