subject:"Re\: kern.allowkmem in examples\?"

Re: kern.allowkmem in examples?

2017-05-22 Thread Theo de Raadt

Yes, that is a lot better.  The command could even suggest so
upon runttime failure ...

> > On Mon, May 22, 2017 at 02:00:51PM +0200, Jan Stary wrote:
> > > acpidump(8) wants kern.allowkmem.
> > > Does it make sense to put that into examples sysctl.conf?
> 
> On May 22 09:06:51, dera...@openbsd.org wrote:
> > No, in fact I want to kill that sysctl eventually, perhaps couple this
> > with securelevel=0, and never allow it otherwise.
> 
> On May 22 14:09:57, sema...@online.fr wrote:
> > It should be rare to need to run acpidump(8) post-boot. The system
> > already runs it at startup and stock files under /var/db/acpi.
> 
> On May 22 14:42:57, mark.kette...@xs4all.nl wrote:
> > The bootscript already runs acpidump ad stores the results in /var/db/acpi.
> > So there is no reason to run acpidump.
> 
> Should the manpage say so?
> 
> 
> Index: acpidump.8
> ===
> RCS file: /cvs/src/usr.sbin/acpidump/acpidump.8,v
> retrieving revision 1.17
> diff -u -p -r1.17 acpidump.8
> --- acpidump.826 Sep 2016 19:58:26 -  1.17
> +++ acpidump.822 May 2017 17:41:03 -
> @@ -71,9 +71,14 @@ requires the ability to open
>  which may be restricted based upon the value of the
>  .Ar kern.allowkmem
>  .Xr sysctl 8 .
> +.Pp
> +.Nm
> +is run at startup and stores the results in
> +.Pa /var/db/acpi .
>  .Sh FILES
>  .Bl -tag -width /dev/mem
>  .It Pa /dev/mem
> +.It Pa /var/db/acpi
>  .El
>  .Sh SEE ALSO
>  .Xr pkg_add 1 ,
>

Re: kern.allowkmem in examples?

2017-05-22 Thread Jan Stary

> On Mon, May 22, 2017 at 02:00:51PM +0200, Jan Stary wrote:
> > acpidump(8) wants kern.allowkmem.
> > Does it make sense to put that into examples sysctl.conf?

On May 22 09:06:51, dera...@openbsd.org wrote:
> No, in fact I want to kill that sysctl eventually, perhaps couple this
> with securelevel=0, and never allow it otherwise.

On May 22 14:09:57, sema...@online.fr wrote:
> It should be rare to need to run acpidump(8) post-boot. The system
> already runs it at startup and stock files under /var/db/acpi.

On May 22 14:42:57, mark.kette...@xs4all.nl wrote:
> The bootscript already runs acpidump ad stores the results in /var/db/acpi.
> So there is no reason to run acpidump.

Should the manpage say so?


Index: acpidump.8
===
RCS file: /cvs/src/usr.sbin/acpidump/acpidump.8,v
retrieving revision 1.17
diff -u -p -r1.17 acpidump.8
--- acpidump.8  26 Sep 2016 19:58:26 -  1.17
+++ acpidump.8  22 May 2017 17:41:03 -
@@ -71,9 +71,14 @@ requires the ability to open
 which may be restricted based upon the value of the
 .Ar kern.allowkmem
 .Xr sysctl 8 .
+.Pp
+.Nm
+is run at startup and stores the results in
+.Pa /var/db/acpi .
 .Sh FILES
 .Bl -tag -width /dev/mem
 .It Pa /dev/mem
+.It Pa /var/db/acpi
 .El
 .Sh SEE ALSO
 .Xr pkg_add 1 ,

Re: kern.allowkmem in examples?

2017-05-22 Thread Theo de Raadt

No, in fact I want to kill that sysctl eventually, perhaps couple this
with securelevel=0, and never allow it otherwise.

The days of kernel memory snooping are OVER.

> acpidump(8) wants kern.allowkmem.
> Does it make sense to put that into examples sysctl.conf?
> 
>   Jan
> 
> Index: sysctl.conf
> ===
> RCS file: /cvs/src/etc/examples/sysctl.conf,v
> retrieving revision 1.4
> diff -u -p -r1.4 sysctl.conf
> --- sysctl.conf   3 Apr 2015 15:50:28 -   1.4
> +++ sysctl.conf   22 May 2017 11:58:27 -
> @@ -33,4 +33,5 @@
>  #kern.nosuidcoredump=3   # 3=Put suid coredumps in 
> /var/crash/progname
>  #kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if 
> available
>  #kern.watchdog.auto=0# 0=Disable automatic watchdog(4) 
> retriggering
> +#kern.allowkmem=1# 1=Allow e.g. acpidump to open /dev/kmem
>  #hw.allowpowerdown=0 # 0=Disable power button shutdown
>

Re: kern.allowkmem in examples?

2017-05-22 Thread Mark Kettenis

> Date: Mon, 22 May 2017 14:00:51 +0200
> From: Jan Stary 
> 
> acpidump(8) wants kern.allowkmem.
> Does it make sense to put that into examples sysctl.conf?

I'm not necessaily against adding and kern.allowkmem entry, but
acpidump is a bit of a bad example.  The bootscript already runs
acpidump ad stores the results in /var/db/acpi.  So there is no reason
to run acpidump.

> Index: sysctl.conf
> ===
> RCS file: /cvs/src/etc/examples/sysctl.conf,v
> retrieving revision 1.4
> diff -u -p -r1.4 sysctl.conf
> --- sysctl.conf   3 Apr 2015 15:50:28 -   1.4
> +++ sysctl.conf   22 May 2017 11:58:27 -
> @@ -33,4 +33,5 @@
>  #kern.nosuidcoredump=3   # 3=Put suid coredumps in 
> /var/crash/progname
>  #kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if 
> available
>  #kern.watchdog.auto=0# 0=Disable automatic watchdog(4) 
> retriggering
> +#kern.allowkmem=1# 1=Allow e.g. acpidump to open /dev/kmem
>  #hw.allowpowerdown=0 # 0=Disable power button shutdown
> 
>

Re: kern.allowkmem in examples?

2017-05-22 Thread Sebastien Marie

On Mon, May 22, 2017 at 02:00:51PM +0200, Jan Stary wrote:
> acpidump(8) wants kern.allowkmem.
> Does it make sense to put that into examples sysctl.conf?
> 

It should be rare to need to run acpidump(8) post-boot. The system
already runs it at startup and stock files under /var/db/acpi.

-- 
Sebastien Marie

Re: kern.allowkmem in examples?

Re: kern.allowkmem in examples?

Re: kern.allowkmem in examples?

Re: kern.allowkmem in examples?

Re: kern.allowkmem in examples?

5 matches

Site Navigation

Mail list logo

Footer information