On 07.09.2015 17:58, Jean-Yves Migeon wrote:
> Hello there,
>
> On 2015-09-07 12:24, Kamil Rytarowski wrote:
>> I'm here to get the support for it. At the moment it (cache nits)
>> exceeds my comprehension too.
>>
>> Are the other bits ok? KAUTH usage,
>
> I wouldn't create an action/subaction (AUTH_PROCESS_REALPATH and
> KAUTH_REQ_PROCESS_REALPATH_GET) specifically for this sysctl. I
> think you could get this information through other code paths
> combined with find(1) (like fstat(1)ing the process and finding the
> dev/inode associated with "text"). Adding access restrictions to
> this sysctl means you have to kauth-audit the other paths too.
>

Do you mean that if a user can access (fstat(1)) a file, then they should see its entry in the exec pathname in this sysctl(7)? I was following the rules of corename here.

>> colonization kern_resource.c etc.
>
> Shouldn't it be in kern_proc.c?
>

Perhaps yes, I was inspired by corename here too.

Thanks!