[src/netbsd-9]: src Pull up following revision(s) (requested by maya in ticke...

[martin <martin%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/48395e7d288d
branches:  netbsd-9
changeset: 460596:48395e7d288d
user:      martin <martin%NetBSD.org@localhost>
date:      Mon Oct 28 16:37:55 2019 +0000

description:
Pull up following revision(s) (requested by maya in ticket #385):

        distrib/sets/lists/modules/mi: revision 1.127
        sys/modules/Makefile: revision 1.230
        sys/modules/filemon/Makefile: revision 1.4 (manually adjusted)
        sys/modules/Makefile: revision 1.229

Disable filemon.

It isn't suited for general use (that is, it poses security risks),
but the existence of the module means it is auto-loaded when /dev/filemon
is opened, which can be done by any user.

Thanks Ilja van Sprundel for the heads up.

 -

Continue to build the filemon module, but don't install it.  Hopefully
this will help us detect any additional bit-rot that might occur.

XXX It might be a good idea to modify the file permissions on /dev/filemon
XXX to prevent auto-loading of the driver module by non-privileged users.

diffstat:

 distrib/sets/lists/modules/mi |  6 +++---
 sys/modules/filemon/Makefile  |  8 +++++++-
 2 files changed, 10 insertions(+), 4 deletions(-)

diffs (40 lines):

diff -r f3c5cbf2c8a1 -r 48395e7d288d distrib/sets/lists/modules/mi
--- a/distrib/sets/lists/modules/mi     Mon Oct 28 02:58:09 2019 +0000
+++ b/distrib/sets/lists/modules/mi     Mon Oct 28 16:37:55 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.122.2.1 2019/09/01 13:00:37 martin Exp $
+# $NetBSD: mi,v 1.122.2.2 2019/10/28 16:37:55 martin Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -166,8 +166,8 @@
 ./@MODULEDIR@/ffs/ffs.kmod                     base-kernel-modules     kmod
 ./@MODULEDIR@/filecore                         base-kernel-modules     kmod
 ./@MODULEDIR@/filecore/filecore.kmod           base-kernel-modules     kmod
-./@MODULEDIR@/filemon                          base-kernel-modules     kmod
-./@MODULEDIR@/filemon/filemon.kmod             base-kernel-modules     kmod
+./@MODULEDIR@/filemon                          base-obsolete           obsolete
+./@MODULEDIR@/filemon/filemon.kmod             base-obsolete           obsolete
 ./@MODULEDIR@/flash                            base-kernel-modules     kmod
 ./@MODULEDIR@/flash/flash.kmod                 base-kernel-modules     kmod
 ./@MODULEDIR@/fss                              base-kernel-modules     kmod
diff -r f3c5cbf2c8a1 -r 48395e7d288d sys/modules/filemon/Makefile
--- a/sys/modules/filemon/Makefile      Mon Oct 28 02:58:09 2019 +0000
+++ b/sys/modules/filemon/Makefile      Mon Oct 28 16:37:55 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.2 2015/08/20 11:05:01 christos Exp $
+# $NetBSD: Makefile,v 1.2.22.1 2019/10/28 16:37:55 martin Exp $
 
 .include "../Makefile.inc"
 
@@ -9,4 +9,10 @@
 SRCS = filemon.c filemon_wrapper.c
 NOMAN = no
 
+# Due to security concerns, we don't install the filemon module.  We
+# do, however, want to keep building it to prevent bit-rot.  Define
+# an empty install target for this.
+
+kmodinstall:
+
 .include <bsd.kmodule.mk>