git: systat - Restrict %rip sampling to root

Matthew Dillon dillon at crater.dragonflybsd.org
Wed Jul 27 16:23:54 PDT 2016


commit 82f8b5503d1e2e68370f695614715258208e67b5
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Wed Jul 27 16:22:11 2016 -0700

    systat - Restrict %rip sampling to root
    
    * Only allow root to sample the %rip and %rsp on all cpus.  The sysctl will
      not sample and return 0 for these fields if the uid is not root.
    
      This is for security, as %rip sampling can be used to break cryptographic
      keys.
    
    * systat -pv 1 will not display the sampling columns if the sample value
      is 0.

Summary of changes:
 sys/kern/kern_clock.c    | 19 ++++++++++++++++---
 usr.bin/systat/vmmeter.c | 27 +++++++++++++++++++--------
 2 files changed, 35 insertions(+), 11 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/82f8b5503d1e2e68370f695614715258208e67b5


-- 
DragonFly BSD source repository



More information about the Commits mailing list