vm.objects possible regression
This commit fixes an infoleak in the vm.objects
and vm.swap_objects
sysctls, where filenames and sizes of all files loaded since boot were exposed to unprivileged users. The fix was to mark the sysctls CTLFLAG_ROOTONLY
:
20177e60
We should check if this breaks something in userland; the vm.objects
syscall is used here:
lib/libutil/kinfo_getvmobject.c:kinfo_getvmobject
lib/libutil/kinfo_getvmobject.c:kinfo_getswapvmobject
usr.bin/vmstat/vmstat.c: kvo = kinfo_getvmobject(&cnt);
usr.bin/systat/proc.c: kvo = kinfo_getswapvmobject(&cnt);
ping @shawn.webb