Maxime Villard <[email protected]> writes: > So, making /dev/ksyms 440 root:kmem should not break anything. > > If it does, then there's a bug in the offending tool in the first place.
Agreed. systat is one of them. It takes care to call kvm_openfiles() while setgid kmem, but kvm_openfiles() doesn't open /dev/ksyms, expecting that the other kvm functions can do that at need. So when e.g. 'systat vmstat' calls kvm_nlist() after privileges have been dropped, it fails: systat: nlist: can't find following symbols: _intrnames _eintrnames _intrcnt _eintrcnt _allevents -tih -- Most people who graduate with CS degrees don't understand the significance of Lisp. Lisp is the most important idea in computer science. --Alan Kay
signature.asc
Description: PGP signature
