An option to ignore sysctl CTLFLAG_ANYBODY
Alfonso Siciliano
alfix86 at gmail.com
Sun Jun 21 02:58:08 UTC 2020
On Sat, 20 Jun 2020 19:38:12 +0000
Teran McKinney <sega01 at go-beyond.org> wrote:
> I have tried that and it does work. The problem is that even a
> simple read call like `sysctl hw.ncpu` will return an error for
> non-root users. Which, while not essential, would be nice to
> keep.
This new change to kern_sysctl.c should solve the problem:
https://github.com/freebsd/freebsd/blob/master/sys/kern/kern_sysctl.c#L2122
from
/* Is this sysctl writable by only privileged users? */
if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
to
/*
* Is this sysctl writable? Does it belong to the undocumented interface
* or sysctlinfo?
*/
if (req->newptr && !(SYSCTL_CHILDREN(&sysctl___sysctl) == oid->oid_parent)) {
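Review bot: The replacement condition drops the CTLFLAG_ANYBODY test unconditionally, while the subject line asks for an option. Consider keeping the original `!(oid->oid_kind & CTLFLAG_ANYBODY)` test as the default and selecting the new condition only when a tunable or kernel option is set. The comparison on `oid->oid_parent` exempts only direct children of the `sysctl` node, so any deeper descendant that relies on unprivileged writes would now be refused; confirm that this is intended. The new comment asks two questions without saying which answer skips the check; state that children of the `sysctl` node are exempt and why. As a style point, `!(SYSCTL_CHILDREN(&sysctl___sysctl) == oid->oid_parent)` reads more simply as `oid->oid_parent != SYSCTL_CHILDREN(&sysctl___sysctl)`.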
Testing
% uname -K
1300093
% sysctl hw.ncpu
hw.ncpu: 1
% nsysctl -NatGv hw.snd.default_unit
hw.snd.default_unit: integer: RD WR RW ANYBODY TUN RDTUN RWTUN NOFETCH: 0
% sysctl hw.snd.default_unit
hw.snd.default_unit: 0
% sysctl hw.snd.default_unit=1
hw.snd.default_unit: 0
sysctl: hw.snd.default_unit=1: Operation not permitted
Alfonso
---
Alfonso S. Siciliano
http://alfix.gitlab.io