running 5.1-RELEASE with no procfs mounted (lockups?)

Robert Watson rwatson at freebsd.org
Thu Jul 17 10:01:34 PDT 2003


On Tue, 15 Jul 2003, Josh Brooks wrote:

> I have loaded two 5.1-RELEASE systems, both of them have PROCFS and
> PSEUDOFS in the kernel, and yet neither of them have a procfs mounted. 
> 
> There is no procfs line in /etc/fstab by default, and no procfs is
> mounted on the system in any way. 
> 
> 
> Question 1:  Is this intentional ?  Is it no longer needed/recommended to
>              run a procfs ?

Most system functionality that relied on procfs has been rewritten to rely
on other mechanisms.  In general, I advise against running procfs--it's
interesting, but conceptually it's very risky.  If you look at the history
of security advisories on systems that supported procfs (FreeBSD, Linux,
Solaris), you'll get a sense of why: procfs represents processes as files,
and the semantics of processes and of files are very different.  For
example, with processes, there are notions of revoked access; processes
are reused to hold several programs often running with different
credentials.

The behaviors I'm aware of that currently rely on procfs and have not yet
been adapted to use ptrace() or sysctl() are:

ps -e           Relies on groping around in the address space of each
                process to display environmental variables.

truss           Relies on the event model of procfs; there have been some
                initial patches and discussion of migrating truss to ptrace() but
                I don't think we have anything very usable yet.  I'd be happy to
                be corrected on this. :-)

Also, linprocfs, which offers many of the functions of procfs, relies on
pseudofs, and is required to run many Linux emulated programs.  Often for
rather bizarre reasons (retrieving command line arguments from the
per-process cmdline file...).

> Question 2:  Is this because I am running without procfs ?  Or have these
>              type of problems been seen in 5.1-RELEASE by other causes ?

This is most likely unrelated. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Network Associates Laboratories
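
An added illustration, not part of the original message: the file side of the mismatch between file and process semantics described above. UNIX checks file permissions at open(), so a descriptor obtained earlier keeps working after access is revoked, whereas a process can change credentials over its lifetime. The function and struct names, the temporary file path and the sample data are assumptions made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample data standing in for per-process state. */
static const char SAMPLE[] = "constructed-sample-state";

struct revoke_result {
    ssize_t old_fd_bytes;  /* bytes read via the descriptor opened before revocation */
    int     reopen_errno;  /* errno from a fresh open() afterwards, 0 if it succeeded */
};

/* Hypothetical helper: create a file, revoke all access, compare old fd vs. new open. */
int run_revoke_demo(struct revoke_result *out)
{
    char path[] = "/tmp/revoke-demo-XXXXXX";
    char buf[64];
    size_t len = sizeof(SAMPLE) - 1;
    int fd = mkstemp(path);            /* created with mode 0600, opened read/write */
    if (fd < 0)
        return -1;
    if (write(fd, SAMPLE, len) != (ssize_t)len ||
        fchmod(fd, 0) != 0 ||          /* revoke every permission bit on the file */
        lseek(fd, 0, SEEK_SET) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    /* The access check happened at open(): the old descriptor still reads the data. */
    out->old_fd_bytes = read(fd, buf, sizeof(buf));
    /* A fresh open() is checked against the new mode (root bypasses mode bits). */
    int fd2 = open(path, O_RDONLY);
    out->reopen_errno = (fd2 < 0) ? errno : 0;
    if (fd2 >= 0)
        close(fd2);
    close(fd);
    unlink(path);
    return 0;
}

int main(void)
{
    struct revoke_result r;
    if (run_revoke_demo(&r) != 0)
        return 1;
    printf("old fd read %zd bytes; re-open errno %d\n", r.old_fd_bytes, r.reopen_errno);
    return 0;
}
```

An interface that exposes process state as files has to re-check access on every operation to get process-style revocation, because plain file semantics do not provide it.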



