Re: New sysctl entry: proc.PID.realpath

[Kamil Rytarowski <n54%gmx.com@localhost>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07.09.2015 17:58, Jean-Yves Migeon wrote:
> Hello there,
> 
> Le 2015-09-07 12:24, Kamil Rytarowski a écrit :
>> I'm here to get the support for it. At the moment it (cache nits)
>> exceeds my comprehension too.
>> 
>> Are the other bits ok? KAUTH usage,
> 
> I wouldn't create an action/subaction (AUTH_PROCESS_REALPATH and 
> KAUTH_REQ_PROCESS_REALPATH_GET) specifically for this sysctl. I 
> think you could get this information through other code paths 
> combined with find(1) (like fstat(1)ing the process and find the 
> dev/inode associated with "text"). Adding access restrictions to 
> this sysctl means you have to kauth-audit the other paths too.
> 

Do you mean that if a user can access (fstat(1)) a file, then should
see its entry in the exec pathname in this sysctl(7)?

I was follow the rules of corename here.

>> colonization kern_resource.c etc.
> 
> Shouldn't it be in kern_proc.c?
> 

Perhaps yes, I was inspired by corename here too.

Thanks!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJV+IrnAAoJEEuzCOmwLnZs9+8P/2vkOFNQQHj5yvzzhFIrtCOD
IwAxlYISrKsRbte5sqmVXqC5N0smUsETfoSzjhqxJFOU4IiQQvPrQ5kQ33LEAPk9
RHg0Nrw0oDcMJS4ntBewWQnczOQ4ko/guWWQAA2E4HRWnEgrJf36LHQMGHfwvxmC
vIX+uYZj6ivGuGBk5Pr4J5iSQ5ms5q0y0Hj8bxRodQ0LJpBLhTGLopqe0Cd9S+oz
2jGL1LdQzrkOZQmBTbIjcvGhjzfc2YCKchfEGRpoM9PsqkY0UcD/5VRcoXU+RW/4
B1mx1+BH6F6fpi5IBMwrClzgG8eHUT02WIkARYmFywusLfC5P3+H7UtN/Plm+3LT
zSP75cKbUFKSKy6SCTvqxnx3YqwzAx+m++ieL1zLYqRMVi7W0ZESFswOvWZl4r2M
+LOUJBpU0gmg91NkjOXSPwNNKAKTDKb4C1VVmALvQzyCO1Q+Wahz3RfRg2myO98w
525B2Bx8a2xt8zFQcN18dZ9P6aweSpMvCiwMchGoHoVDJIH+/vw/ZacpIJRdiIml
rlXq62VbZl6PFKZzPOarl2W2R+frAnoNvhG1FE5PA21GSvyTVb4fTr1Gt38EMfw0
8Gpdk2bFlD0FRwRGSTuAiRv10GLpLDsq1il4Cawwr2BzT2y/dB7e49NjK6p0XD7D
1+vV8xx6HvmQ8XK6TpaI
=vseP
-----END PGP SIGNATURE-----