FreeBSD Security Advisory FreeBSD-SA-14:07.devfs
Dag-Erling Smørgrav
des at des.no
Fri May 2 10:02:38 UTC 2014
Matthew Seaman <matthew at FreeBSD.org> writes:
> You can start snmpd with the '-r' flag which means it will at least run
> without needing access to /dev/mem or anything else privileged, but at
> the cost of reduced functionality. For instance the 'proc foo' test to
> check on the presence of a foo process doesn't work. Quite why that
> should need rootly privilege I do not know: it's effectively the same as
> grepping the output of 'ps -acx'.
It probably uses libkvm instead of the newer libprocstat, which does not
require access to /dev/mem. The only reason you'd ever want to use
libkvm is if you want to be able to operate on kernel dumps.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list