CVS commit: [netbsd-7-0] src

[Martin Husemann]

Module Name:    src
Committed By:   martin
Date:           Mon Oct 28 18:06:13 UTC 2019

Modified Files:
        src/distrib/sets/lists/modules [netbsd-7-0]: mi
        src/sys/modules/filemon [netbsd-7-0]: Makefile

Log Message:
Pull up following revision(s) (requested by maya in ticket #1710):

        distrib/sets/lists/modules/mi: revision 1.127
        sys/modules/Makefile: revision 1.230
        sys/modules/filemon/Makefile: revision 1.4 (manually adjusted)
        sys/modules/Makefile: revision 1.229

Disable filemon.

It isn't suited for general use (that is, it poses security risks),
but the existence of the module means it is auto-loaded when /dev/filemon
is opened, which can be done by any user.

Thanks Ilja van Sprundel for the heads up.

 -

Continue to build the filemon module, but don't install it.  Hopefully
this will help us detect any additional bit-rot that might occur.

XXX It might be a good idea to modify the file permissions on /dev/filemon
XXX to prevent auto-loading of the driver module by non-privileged users.


To generate a diff of this commit:
cvs rdiff -u -r1.69.2.1 -r1.69.2.1.2.1 src/distrib/sets/lists/modules/mi
cvs rdiff -u -r1.1 -r1.1.44.1 src/sys/modules/filemon/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/distrib/sets/lists/modules/mi
diff -u src/distrib/sets/lists/modules/mi:1.69.2.1 src/distrib/sets/lists/modules/mi:1.69.2.1.2.1
--- src/distrib/sets/lists/modules/mi:1.69.2.1	Sat Mar 21 17:11:35 2015
+++ src/distrib/sets/lists/modules/mi	Mon Oct 28 18:06:13 2019
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.69.2.1 2015/03/21 17:11:35 snj Exp $
+# $NetBSD: mi,v 1.69.2.1.2.1 2019/10/28 18:06:13 martin Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -76,8 +76,8 @@
 ./@MODULEDIR@/ffs/ffs.kmod			base-kernel-modules	kmod
 ./@MODULEDIR@/filecore				base-kernel-modules	kmod
 ./@MODULEDIR@/filecore/filecore.kmod		base-kernel-modules	kmod
-./@MODULEDIR@/filemon				base-kernel-modules	kmod
-./@MODULEDIR@/filemon/filemon.kmod		base-kernel-modules	kmod
+./@MODULEDIR@/filemon				base-obsolete		obsolete
+./@MODULEDIR@/filemon/filemon.kmod		base-obsolete		obsolete
 ./@MODULEDIR@/flash				base-kernel-modules	kmod
 ./@MODULEDIR@/flash/flash.kmod			base-kernel-modules	kmod
 ./@MODULEDIR@/fss				base-kernel-modules	kmod

Index: src/sys/modules/filemon/Makefile
diff -u src/sys/modules/filemon/Makefile:1.1 src/sys/modules/filemon/Makefile:1.1.44.1
--- src/sys/modules/filemon/Makefile:1.1	Thu Sep  9 00:10:16 2010
+++ src/sys/modules/filemon/Makefile	Mon Oct 28 18:06:13 2019
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.1 2010/09/09 00:10:16 sjg Exp $
+# $NetBSD: Makefile,v 1.1.44.1 2019/10/28 18:06:13 martin Exp $
 
 .include "../Makefile.inc"
 
@@ -8,4 +8,10 @@ KMOD = filemon
 SRCS = filemon.c filemon_wrapper.c
 NOMAN = no
 
+# Due to security concerns, we don't install the filemon module.  We
+# do, however, want to keep building it to prevent bit-rot.  Define
+# an empty install target for this.
+
+kmodinstall:
+
 .include <bsd.kmodule.mk>