Pull up following revision(s) (requested by maya in ticket #385):
distrib/sets/lists/modules/mi: revision 1.127 sys/modules/Makefile: revision 1.230 sys/modules/filemon/Makefile: revision 1.4 (manually adjusted) sys/modules/Makefile: revision 1.229 Disable filemon. It isn't suited for general use (that is, it poses security risks), but the existence of the module means it is auto-loaded when /dev/filemon is opened, which can be done by any user. Thanks Ilja van Sprundel for the heads up. - Continue to build the filemon module, but don't install it. Hopefully this will help us detect any additional bit-rot that might occur. XXX It might be a good idea to modify the file permissions on /dev/filemon XXX to prevent auto-loading of the driver module by non-privileged users.
This commit is contained in:
parent
f07a8c12c0
commit
126e5ea306
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: mi,v 1.122.2.1 2019/09/01 13:00:37 martin Exp $
|
||||
# $NetBSD: mi,v 1.122.2.2 2019/10/28 16:37:55 martin Exp $
|
||||
#
|
||||
# Note: don't delete entries from here - mark them as "obsolete" instead.
|
||||
#
|
||||
|
@ -166,8 +166,8 @@
|
|||
./@MODULEDIR@/ffs/ffs.kmod base-kernel-modules kmod
|
||||
./@MODULEDIR@/filecore base-kernel-modules kmod
|
||||
./@MODULEDIR@/filecore/filecore.kmod base-kernel-modules kmod
|
||||
./@MODULEDIR@/filemon base-kernel-modules kmod
|
||||
./@MODULEDIR@/filemon/filemon.kmod base-kernel-modules kmod
|
||||
./@MODULEDIR@/filemon base-obsolete obsolete
|
||||
./@MODULEDIR@/filemon/filemon.kmod base-obsolete obsolete
|
||||
./@MODULEDIR@/flash base-kernel-modules kmod
|
||||
./@MODULEDIR@/flash/flash.kmod base-kernel-modules kmod
|
||||
./@MODULEDIR@/fss base-kernel-modules kmod
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: Makefile,v 1.2 2015/08/20 11:05:01 christos Exp $
|
||||
# $NetBSD: Makefile,v 1.2.22.1 2019/10/28 16:37:55 martin Exp $
|
||||
|
||||
.include "../Makefile.inc"
|
||||
|
||||
|
@ -9,4 +9,10 @@ IOCONF= filemon.ioconf
|
|||
SRCS = filemon.c filemon_wrapper.c
|
||||
NOMAN = no
|
||||
|
||||
# Due to security concerns, we don't install the filemon module. We
|
||||
# do, however, want to keep building it to prevent bit-rot. Define
|
||||
# an empty install target for this.
|
||||
|
||||
kmodinstall:
|
||||
|
||||
.include <bsd.kmodule.mk>
|
||||
|
|
Loading…
Reference in New Issue