Maxime Villard <max%M00nBSD.net@localhost> writes: > So, making /dev/ksyms 440 root:kmem should not break anything. > > If it does, then there's a bug in the offending tool in the first place. Agreed. systat is one of them. It takes care to call kvm_openfiles() while setgid kmem, but kvm_openfiles() doesn't open /dev/ksyms, expecting that the other kvm functions can do that at need. So when e.g. 'systat vmstat' calls kvm_nlist() after privileges have been dropped, it fails: systat: nlist: can't find following symbols: _intrnames _eintrnames _intrcnt _eintrcnt _allevents -tih -- Most people who graduate with CS degrees don't understand the significance of Lisp. Lisp is the most important idea in computer science. --Alan Kay
Attachment:
signature.asc
Description: PGP signature