Extending MADV_PROTECT
Jilles Tjoelker
jilles at stack.nl
Mon May 20 22:28:40 UTC 2013
On Tue, May 14, 2013 at 05:37:00PM -0400, John Baldwin wrote:
> On 5/14/13 3:21 PM, Jilles Tjoelker wrote:
> > All this is not very important for process protection because it
> > requires root privileges anyway but future procctl commands may well be
> > accessible to normal users (I'm thinking of avoiding proliferation of
> > pd* calls in particular).
> I originally used that approach in pprotect() since that is what ktrace
> uses. I did it this way in procctl() to err on the side of reporting
> errors vs not, but I can easily change it. This is something I wasn't
> sure of and very much appreciate feedback on.
> Do you have any thoughts on having this be more ioctl-like ("automatic"
> copyin/out and size encoded in cmd) vs ptrace-like (explicit sizes and
> in/out keyed off of command)?
If it is ioctl-like, it is possible to redirect ioctl() on a process
descriptor to procctl and use cap_ioctls_limit() infrastructure. I'm not
sure Capsicum people actually like that, though.
In either case, it is possible to have a P_PROCDESC to affect a process
by process descriptor. Capsicum may then need more CAP_*.
--
Jilles Tjoelker