Re: [filemon] CVS commit: htdocs/support/security

[Kamil Rytarowski <n54%gmx.com@localhost>]

On 17.12.2019 09:16, Maxime Villard wrote:
>> Module Name:    htdocs
>> Committed By:   christos
>> Date:           Tue Dec 17 01:03:49 UTC 2019
>>
>> Modified Files:
>>         htdocs/support/security: advisory.html index.html
>>
>> Log Message:
>> new advisory
>>
>>
>> To generate a diff of this commit:
>> cvs rdiff -u -r1.140 -r1.141 htdocs/support/security/advisory.html
>> cvs rdiff -u -r1.173 -r1.174 htdocs/support/security/index.html
>>
>> Please note that diffs are not public domain; they are subject to the
>> copyright notices on the relevant files.
>
> There is something I don't understand here. Why keep this totally useless
> misfeature, when we already have many tracing facilities that can do just
> about the same job without having security issues?
>
> The recommendation in the advisory is literally to remove the kernel
> module from the fs. I don't see what could possibly be the use of such a
> misfeature as filemon; I would remove it completely from the kernel
> source tree.
>
> Maxime

From:
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2019-006.txt.asc

"Additionally the way filemon does filesystem interception is racy
and can lead to random crashes if the system calls are in use
while the module is unloaded."

Is this issue fixable? Not speaking for filemon in particular, I find
this ability to rewrite the syscall table on the fly as a feature.
Keeping a functional module with this property (even if disabled by
default) seems useful to me.