On Wed, Nov 19, 2008 at 11:48:36PM -0800, Nate Eldredge wrote: > On Wed, 19 Nov 2008, Jeremy Chadwick wrote: > >> On Thu, Nov 20, 2008 at 05:39:36PM +1100, Peter Jeremy wrote: > >>> I hope that never gets committed - it will make debugging kernel >>> problems much harder. There is already a kern.msgbuf_clear sysctl and >>> maybe people who are concerned about msgbuf leakage need to learn to >>> use it. >> >> And this sysctl is only usable *after* the kernel loads, which means >> you lose all of the messages shown from the time the kernel loads to >> the time the sysctl is set (e.g. hardware detected/configured). This is >> even less acceptable, IMHO. > > But surely you can arrange that the contents are written out to > /var/log/messages first? > > E.g. a sequence like > > - mount /var > - write buffer contents via syslogd > - clear buffer via sysctl > - allow user logins
This has two problems, but I'm probably missing something: 1) See my original post, re: users of our systems use "dmesg" to find out what the status of the system is. By "status" I don't mean "from the point the kernel finished to now", I literally mean they *expect* to see the kernel device messages and all that jazz. No, I'm not making this up, nor am I arguing just to hear myself talk (despite popular belief). I can bring these users into the discussion if people feel it would be useful. 2) I don't understand how this would work (meaning, technically and literally: I do not understand). How do messages like "CPU: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz (2992.52-MHz K8-class CPU)" get written to syslog when syslogd isn't even running (or any filesystems) mounted at that time? There must be some magic involved there (since syslog == libc, not syscall) when syslogd starts, but I don't know how it works. > This way the buffer is cleared before any unprivileged users get to do > anything. No kernel changes needed, just a little tweaking of the init > scripts at most. > > If you should have a crash and suspect there is useful data in the > buffer, you can boot to single-user mode (avoiding the clear) and > retrieve it manually. > > Seems like this should make everyone happy. What I'm not understanding is the resistance towards Rink's patch, assuming the tunable defaults to disabled/off. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
