From a10ab2c10231aad6948c0684931ecf62184cda77 Mon Sep 17 00:00:00 2001
From: Siavash Safi <siavash.safi@gmail.com>
Date: Wed, 20 May 2015 12:22:00 +0430
Subject: [PATCH] Check caller's euid and egid when accessing /dev/mem on
 FreeBSD.

---
 collector/cpu_freebsd.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/collector/cpu_freebsd.go b/collector/cpu_freebsd.go
index a5615809..54fa8cbf 100644
--- a/collector/cpu_freebsd.go
+++ b/collector/cpu_freebsd.go
@@ -4,6 +4,7 @@ package collector
 
 import (
 	"errors"
+	"os"
 	"strconv"
 	"unsafe"
 
@@ -49,6 +50,10 @@ func NewStatCollector(config Config) (Collector, error) {
 
 // Expose cpu stats using kvm
 func (c *statCollector) Update(ch chan<- prometheus.Metric) (err error) {
+	if os.Geteuid() != 0 && os.Getegid() != 2 {
+		return errors.New("Caller should be either root user or kmem group to access /dev/mem")
+	}
+
 	var errbuf *C.char
 	kd := C.kvm_open(nil, nil, nil, C.O_RDONLY, errbuf)
 	if errbuf != nil {