Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Pull up following revision(s) (requested by maya in ticket #385): 

distrib/sets/lists/modules/mi: revision 1.127
	sys/modules/Makefile: revision 1.230
	sys/modules/filemon/Makefile: revision 1.4 (manually adjusted)
	sys/modules/Makefile: revision 1.229

Disable filemon.

It isn't suited for general use (that is, it poses security risks),
but the existence of the module means it is auto-loaded when /dev/filemon
is opened, which can be done by any user.

Thanks Ilja van Sprundel for the heads up.

 -

Continue to build the filemon module, but don't install it.  Hopefully
this will help us detect any additional bit-rot that might occur.

XXX It might be a good idea to modify the file permissions on /dev/filemon
XXX to prevent auto-loading of the driver module by non-privileged users.
This commit is contained in:
martin 2019-10-28 16:37:55 +00:00
parent f07a8c12c0
commit 126e5ea306
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
distrib/sets/lists/modules/mi
View File

@ -1,4 +1,4 @@
# $NetBSD: mi,v 1.122.2.1 2019/09/01 13:00:37 martin Exp $
# $NetBSD: mi,v 1.122.2.2 2019/10/28 16:37:55 martin Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@ -166,8 +166,8 @@
./@MODULEDIR@/ffs/ffs.kmod base-kernel-modules kmod
./@MODULEDIR@/filecore base-kernel-modules kmod
./@MODULEDIR@/filecore/filecore.kmod base-kernel-modules kmod
./@MODULEDIR@/filemon base-kernel-modules kmod
./@MODULEDIR@/filemon/filemon.kmod base-kernel-modules kmod
./@MODULEDIR@/filemon base-obsolete obsolete
./@MODULEDIR@/filemon/filemon.kmod base-obsolete obsolete
./@MODULEDIR@/flash base-kernel-modules kmod
./@MODULEDIR@/flash/flash.kmod base-kernel-modules kmod
./@MODULEDIR@/fss base-kernel-modules kmod

8
sys/modules/filemon/Makefile
View File

@ -1,4 +1,4 @@
# $NetBSD: Makefile,v 1.2 2015/08/20 11:05:01 christos Exp $
# $NetBSD: Makefile,v 1.2.22.1 2019/10/28 16:37:55 martin Exp $
.include "../Makefile.inc"
@ -9,4 +9,10 @@ IOCONF= filemon.ioconf
SRCS = filemon.c filemon_wrapper.c
NOMAN = no
# Due to security concerns, we don't install the filemon module. We
# do, however, want to keep building it to prevent bit-rot. Define
# an empty install target for this.
kmodinstall:
.include <bsd.kmodule.mk>