From: Jiangyi Liu <[EMAIL PROTECTED]>
Date: 12 Jun 2001 10:48:38 +0800
Message-ID: <[EMAIL PROTECTED]>

Hi,

Seems I can't contact the coordinator ([EMAIL PROTECTED]) of this
task. So I think maybe I should send the patch to this list. Here is
the patch for limiting bpf access to the specified program.

For example, if I wanna specify only /sbin/dhclient can use bpf, I
can:

    $ ls -i /sbin/dhclient
    439 /sbin/dhclient
    $ df
    Filesystem   1K-blocks     Used    Avail Capacity  Mounted on
    /dev/ad0s3a      63503    37795    20628    65%    /
    /dev/ad0s3f    5834156  2997583  2369841    56%    /usr
    /dev/ad0s3e      63503     9866    48557    17%    /var
    procfs               4        4        0   100%    /proc
    $ ls -al /dev/ad0s3a
    crw-r-----  2 root  operator  116, 0x00040000 Dec 17 01:40 /dev/ad0s3a

So I can add the following lines to my kernel config file:

    options BPF_LIMITED
    options BPF_ALLOWED_DEVID=29696
    options BPF_ALLOWED_FILEID=439

Bits 0~7 of BPF_ALLOWED_DEVID are the minor number of the device,
while bits 8~15 are the major number of the device. Probably I
should make the options like BPF_ALLOWED_DEV_MAJOR and
BPF_ALLOWED_DEV_MINOR.

Anyone interested?

Best wishes,
Jiangyi Liu
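
An added example, not part of the original message or its patch: a small C helper that derives the three option lines for a program and checks that the device numbers fit the bit layout the message describes. The function names are hypothetical, and it assumes the st_dev that stat() reports for the program is the device the message looks up by hand with df and ls.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#ifdef __linux__
#include <sys/sysmacros.h>   /* major()/minor() live here on glibc */
#endif

/* Pack a device id in the layout the message describes (bits 0-7 minor,
 * bits 8-15 major). Returns -1 if either number overflows its 8-bit field. */
int bpf_devid_pack(unsigned long maj, unsigned long min, unsigned *out)
{
    if (maj > 0xff || min > 0xff)
        return -1;
    *out = (unsigned)((maj << 8) | min);
    return 0;
}

/* Inverse of bpf_devid_pack(), for auditing a value already in a config. */
int bpf_devid_unpack(unsigned id, unsigned *maj, unsigned *min)
{
    if (id > 0xffff)
        return -1;
    *maj = id >> 8;
    *min = id & 0xff;
    return 0;
}

/* Write the option lines for `path` into buf. Returns 0 on success,
 * -1 if stat() fails, -2 if the device does not fit, -3 if buf is too small. */
int bpf_options_for(const char *path, char *buf, size_t len)
{
    struct stat st;
    unsigned id;
    if (stat(path, &st) != 0)
        return -1;
    if (bpf_devid_pack(major(st.st_dev), minor(st.st_dev), &id) != 0)
        return -2;
    int n = snprintf(buf, len, "options BPF_LIMITED\noptions BPF_ALLOWED_DEVID=%u\n"
                     "options BPF_ALLOWED_FILEID=%llu\n", id, (unsigned long long)st.st_ino);
    return (n < 0 || (size_t)n >= len) ? -3 : 0;
}

int main(int argc, char **argv)
{
    char buf[256];
    int rc = bpf_options_for(argc > 1 ? argv[1] : "/sbin/dhclient", buf, sizeof buf);
    if (rc == 0) fputs(buf, stdout); else fprintf(stderr, "error %d\n", rc);
    return rc != 0;
}
```

The inode number changes when the file is replaced rather than rewritten in place, so the options have to be regenerated after such an update.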