On 24.06.2011 00:50, Christos Zoulas wrote: > Module Name: src > Committed By: christos > Date: Thu Jun 23 22:50:54 UTC 2011 > > Modified Files: > src/usr.bin/pmap: main.c > > Log Message: > Don't give out information about processes we can't control.
Thanks to Aleksey and you for fixing the procfs leak. I wonder whether pmap's code is the right place to check for "information" access control. It's difficult to modify except by patching the source, does not protect from abusing/finding exploits to circumvent the check (any executable that has kmem sgid rights is a target), and there are other potential tools usable out there (lsof(1), maybe?). Isn't it something that rather fits the kauth(9) ACLs? -- Jean-Yves Migeon [email protected]
