[src/netbsd-7-0]: src Pull up following revision(s) (requested by maya in tic...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/netbsd-7-0]: src Pull up following revision(s) (requested by maya in tic...
From: martin <martin%NetBSD.org@localhost>
Date: Tue, 07 Apr 2020 03:34:31 +0000

details:   https://anonhg.NetBSD.org/src/rev/2e2bae30c18b
branches:  netbsd-7-0
changeset: 801590:2e2bae30c18b
user:      martin <martin%NetBSD.org@localhost>
date:      Mon Oct 28 18:06:13 2019 +0000

description:
Pull up following revision(s) (requested by maya in ticket #1710):

        distrib/sets/lists/modules/mi: revision 1.127
        sys/modules/Makefile: revision 1.230
        sys/modules/filemon/Makefile: revision 1.4 (manually adjusted)
        sys/modules/Makefile: revision 1.229

Disable filemon.

It isn't suited for general use (that is, it poses security risks),
but the existence of the module means it is auto-loaded when /dev/filemon
is opened, which can be done by any user.

Thanks Ilja van Sprundel for the heads up.

 -

Continue to build the filemon module, but don't install it.  Hopefully
this will help us detect any additional bit-rot that might occur.

XXX It might be a good idea to modify the file permissions on /dev/filemon
XXX to prevent auto-loading of the driver module by non-privileged users.

diffstat:

 distrib/sets/lists/modules/mi |  6 +++---
 sys/modules/filemon/Makefile  |  8 +++++++-
 2 files changed, 10 insertions(+), 4 deletions(-)

diffs (40 lines):

diff -r 2f5a2416cd54 -r 2e2bae30c18b distrib/sets/lists/modules/mi
--- a/distrib/sets/lists/modules/mi     Sat Sep 28 07:52:18 2019 +0000
+++ b/distrib/sets/lists/modules/mi     Mon Oct 28 18:06:13 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.69.2.1 2015/03/21 17:11:35 snj Exp $
+# $NetBSD: mi,v 1.69.2.1.2.1 2019/10/28 18:06:13 martin Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -76,8 +76,8 @@
 ./@MODULEDIR@/ffs/ffs.kmod                     base-kernel-modules     kmod
 ./@MODULEDIR@/filecore                         base-kernel-modules     kmod
 ./@MODULEDIR@/filecore/filecore.kmod           base-kernel-modules     kmod
-./@MODULEDIR@/filemon                          base-kernel-modules     kmod
-./@MODULEDIR@/filemon/filemon.kmod             base-kernel-modules     kmod
+./@MODULEDIR@/filemon                          base-obsolete           obsolete
+./@MODULEDIR@/filemon/filemon.kmod             base-obsolete           obsolete
 ./@MODULEDIR@/flash                            base-kernel-modules     kmod
 ./@MODULEDIR@/flash/flash.kmod                 base-kernel-modules     kmod
 ./@MODULEDIR@/fss                              base-kernel-modules     kmod
diff -r 2f5a2416cd54 -r 2e2bae30c18b sys/modules/filemon/Makefile
--- a/sys/modules/filemon/Makefile      Sat Sep 28 07:52:18 2019 +0000
+++ b/sys/modules/filemon/Makefile      Mon Oct 28 18:06:13 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.1 2010/09/09 00:10:16 sjg Exp $
+# $NetBSD: Makefile,v 1.1.44.1 2019/10/28 18:06:13 martin Exp $
 
 .include "../Makefile.inc"
 
@@ -8,4 +8,10 @@
 SRCS = filemon.c filemon_wrapper.c
 NOMAN = no
 
+# Due to security concerns, we don't install the filemon module.  We
+# do, however, want to keep building it to prevent bit-rot.  Define
+# an empty install target for this.
+
+kmodinstall:
+
 .include <bsd.kmodule.mk>

Prev by Date: [src/netbsd-7-0]: src/doc Ticket #1710
Next by Date: [src/netbsd-7-0]: src Fix set lists for ticket #1710
Previous by Thread: [src/netbsd-7-0]: src/doc Ticket #1710
Next by Thread: [src/netbsd-7-0]: src Fix set lists for ticket #1710
Indexes:

Home | Main Index | Thread Index | Old Index