Subject: Re: procfs/ptrace/systrace/ktrace diff
To: YAMAMOTO Takashi <email@example.com>
From: Elad Efrat <elad@NetBSD.org>
Date: 11/26/2006 16:18:55
YAMAMOTO Takashi wrote:
>>>> proc_isunder() should be in the secmodel.
>>> do you mean chroot(8) should be a part of secmodel?
>> it already kinda is. we don't provide any context (yet) but there is
>> a chroot action. I would like to move proc_isunder() to the secmodel
>> code, yes.
> i don't see how it could be done efficiently.
are you talking about the entire chroot mechanism or just chroot
enforcement for the four subsystems in question?
>>>>> does it mean to prohibit even reading of init's status if securelevel >= 0?
>>>> yeah. can change, but again, we need to pass more context.
>>> why don't you pass the necessary context?
>> we have two args to play with. assuming they all need the tracer too,
>> that leaves us with one argument free. that's not enough for at least
>> procfs. if I can shift the subsystem to the action itself, as I
>> suggested, I can pass more context.
> what's necessary to keep the current behaviour is only <r/w>, isn't it?
the goal is not just to keep current behavior, but both that and
allowing finer-grained control, assuming one may wish to do so. the
latest patch posted achieves that.