A few thoughts..

Peter Jeremy PeterJeremy at optushome.com.au
Wed Mar 30 10:42:30 PST 2005


On Wed, 2005-Mar-30 11:06:53 -0600, H. S. wrote:
>As I stated previously, I'm not much of a C programmer, but I can do some
>coding. I've been thinking about changing the core of the system a bit to
>return errors if some information is accessed by a normal user.

Wouldn't making /sbin and /usr/sbin mode 750 be enough?

> I'd like
>to know if getuid() would work that deep in the system?

In general, system calls can't be used within the kernel.  The uid and
gid could be determined by directly dereferencing curproc or the
thread pointer passed around in most kernel internal calls.  Note that
the only checks the (non-MAC) kernel currently does are "root" or
"not-root" using suser(9) (apart from the checks in kill(2)).
Restrictions for non-root users are implemented using file
permissions.

> And how can I register sysctl mibs in the kernel ?

Look at sysctl(3), /sys/sys/sysctl.h and (e.g.) /sys/kern/subr_msgbuf.c.

-- 
Peter Jeremy
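
Added example, not part of the original message and not FreeBSD kernel code: a simplified userland model of the "root or not-root, otherwise file permissions" decision described in the reply, applied to the mode 750 suggestion for /sbin and /usr/sbin. The names `struct cred` and `can_search_dir` are hypothetical, and ACLs and MAC policies are ignored.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical credential for this model: effective uid plus group list. */
struct cred { uid_t uid; const gid_t *groups; int ngroups; };

static int in_group(const struct cred *c, gid_t gid)
{
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return 1;
    return 0;
}

/* Return 1 if the credential may search (traverse) a directory with the
 * given owner, group and mode; exactly one permission class is consulted. */
int can_search_dir(const struct cred *c, uid_t owner, gid_t group, mode_t mode)
{
    if (c->uid == 0)
        return 1;                      /* the "root" / "not-root" check */
    if (c->uid == owner)
        return (mode & S_IXUSR) != 0;  /* owner class only, even if group allows */
    if (in_group(c, group))
        return (mode & S_IXGRP) != 0;
    return (mode & S_IXOTH) != 0;
}

int main(void)
{
    const char *dirs[] = { "/sbin", "/usr/sbin" };
    gid_t groups[65];
    int n = getgroups(64, groups + 1);  /* supplementary groups */
    groups[0] = getegid();              /* effective gid may not be in the list */
    struct cred me = { geteuid(), groups, (n < 0 ? 0 : n) + 1 };

    for (int i = 0; i < 2; i++) {
        struct stat st;
        if (stat(dirs[i], &st) != 0) { perror(dirs[i]); continue; }
        /* Compare the current mode with the proposed 750 for this user. */
        printf("%s mode %03o: now %s, at 750 %s\n", dirs[i],
               (unsigned)(st.st_mode & 0777),
               can_search_dir(&me, st.st_uid, st.st_gid, st.st_mode) ? "allowed" : "denied",
               can_search_dir(&me, st.st_uid, st.st_gid, 0750) ? "allowed" : "denied");
    }
    return 0;
}
```

Run as an ordinary user, it reports whether that account could still reach each directory if the mode were changed to 750.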

