An option to ignore sysctl CTLFLAG_ANYBODY
Teran McKinney
sega01 at go-beyond.org
Sat Jun 20 19:38:19 UTC 2020
On 2020-06-20 20-48-10, Alfonso Siciliano wrote:
> Hi Teran,
>
> I had a look at kern_sysctl.c, you could recompile the kernel changing:
> https://github.com/freebsd/freebsd/blob/master/sys/kern/kern_sysctl.c#L2122
>
> from
> /* Is this sysctl writable by only privileged users? */
> if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
> to
> /* Is this sysctl writable? */
> if (req->newptr) {
>
> so, sysctl(3) has to call/check priv_check() every time you pass a new value.
>
> > I generally don't know what I'm doing as it's my first time hacking
> > on the FreeBSD kernel, or any kernel in general for that matter.
>
> Another (silly :D) solution is a kernel module (nice for training):
> it could explore the MIB to set CTLFLAG_ANYBODY to 0 for each object.
>
>
> Happy Hacking,
>
> Alfonso

Hi Alfonso,

I appreciate your reply!

I have tried that and it does work. The problem is that even a
simple read call like `sysctl hw.ncpu` will return an error for
non-root users. Which, while not essential, would be nice to
keep.

My current workaround, which behaves exactly the same way, is setting
CTLFLAG_ANYBODY to 0. That function always returns true in that
case.

Interesting idea about the kernel module.

Sincerely,

Teran
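
Added example, not part of the thread and not FreeBSD code: a userland C model of the permission check discussed above, showing why a read by name fails for non-root users once every write goes through priv_check(). The flag values match sys/sysctl.h; the `model_*` functions, `enum policy` and `struct request` are hypothetical names, and the model assumes that sysctl(8) resolves a name by passing it as a new value to sysctl.name2oid, an OID that is marked CTLFLAG_ANYBODY.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Flag values as defined in FreeBSD's sys/sysctl.h. */
#define CTLFLAG_RD      0x80000000u
#define CTLFLAG_WR      0x40000000u
#define CTLFLAG_ANYBODY 0x10000000u

/* Everything below is a hypothetical userland model, not kernel code. */
enum policy { STOCK, ALWAYS_PRIV_CHECK };
struct request { bool has_old, has_new, is_root; };

/* Stand-in for priv_check(): only root holds the sysctl write privilege. */
static int model_priv_check(const struct request *r)
{
    return r->is_root ? 0 : EPERM;
}

/* Permission part of the sysctl handler for one OID with flags `kind`. */
int model_sysctl_access(enum policy p, unsigned kind, const struct request *r)
{
    if ((r->has_old && !(kind & CTLFLAG_RD)) ||
        (r->has_new && !(kind & CTLFLAG_WR)))
        return EPERM;
    /* STOCK honours CTLFLAG_ANYBODY; ALWAYS_PRIV_CHECK is the edited check
     * (redefining CTLFLAG_ANYBODY as 0 gives the same result). */
    if (r->has_new && (p == ALWAYS_PRIV_CHECK || !(kind & CTLFLAG_ANYBODY)))
        return model_priv_check(r);
    return 0;
}

/* `sysctl <name>`: the name is first sent as a new value to sysctl.name2oid
 * (read-write, CTLFLAG_ANYBODY), then the resolved OID is read. */
int model_read_by_name(enum policy p, unsigned target_kind, bool is_root)
{
    struct request lookup = { true, true, is_root };
    struct request fetch = { true, false, is_root };
    int error = model_sysctl_access(p, CTLFLAG_RD | CTLFLAG_WR | CTLFLAG_ANYBODY, &lookup);
    return error ? error : model_sysctl_access(p, target_kind, &fetch);
}

int main(void)
{
    printf("stock, non-root read by name:  %d\n", model_read_by_name(STOCK, CTLFLAG_RD, false));
    printf("edited, non-root read by name: %d\n", model_read_by_name(ALWAYS_PRIV_CHECK, CTLFLAG_RD, false));
    printf("edited, root read by name:     %d\n", model_read_by_name(ALWAYS_PRIV_CHECK, CTLFLAG_RD, true));
    return 0;
}
```

In the model, a non-root read of an OID that is already numeric (no name lookup) still succeeds under the edited check, because no new value is passed.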