Subject: Re: Getting rid of /dev/veriexec
To: Bill Studenmund <wrstuden@netbsd.org>
From: Simon Burge <simonb@wasabisystems.com>
List: tech-kern
Date: 12/03/2005 11:57:49
Bill Studenmund wrote:

> > while i agree that using sysctl for "control" interface is not
> > perhaps the right thing, using it to export data is something
> > that's been true for a long time and using it to remove set-id
> > bits from various apps has been a goal of the project for a
> > long time.  it's not just security, either - it means that ps(1)
> > works always now, even 32 bit ps(1) 64 bit kernel.
> 
> To be honest, I wish we didn't use sysctl here. I think it is an abuse of
> the interface. I think there are ways we could have done the same thing
> with other methods.

I'm curious - why?  :)

sysctl has been used since rev 1.1 of ps(1) (well, libkvm) to retrieve
kernel data.  _D+I Of 4.4 BSD_ says sysctl was introduced to stop kmem
grovellers having to open /dev/kmem and read from it.  As the person who
generalised the interface so that ps(1) is 32/64 bit clean and forever
backward-compatible, I'm a believer that sysctl is the right way to do
this...

Simon.
--
Simon Burge                            <simonb@wasabisystems.com>
NetBSD Support and Service:         http://www.wasabisystems.com/