Re: kern/38174: kauth_cred_t interpreted outside of kauth

[Iain Hibbert <plunky%rya-online.net@localhost>]

The following reply was made to PR kern/38174; it has been noted by GNATS.

From: Iain Hibbert <plunky%rya-online.net@localhost>
To: gnats-bugs%netbsd.org@localhost, elad%netbsd.org@localhost, 
pooka%iki.fi@localhost
Cc: 
Subject: Re: kern/38174: kauth_cred_t interpreted outside of kauth
Date: Sat, 14 Feb 2009 17:37:22 +0000 (GMT)

 Antti Kantee wrote:
 >
 > On Wed Mar 05 2008 at 17:16:31 +0200, Elad Efrat wrote:
 > > Are you interested in replacing these constants and tests with wrapper
 > > functions like kauth_cred_kernel() and kauth_cred_is_kernel()? :)
 >
 > Something like that.  Although I don't know if it makes any sense to
 > have explicit routines than rather just interpret the values in the
 > existing kauth interface routines.
 
 I agree. I just had to fix up miscfs/umapfs/umap_vnop.c because it didn't
 handle the case of "cred == FSCRED".  If FSCRED and NOCRED are recognised
 values for an obscured type, the kauth routines should handle them
 appropriately. ie
 
        cred = kauth_cred_dup(orig);
 
                ...
 
        kauth_cred_free(cred);
 
 should not cause a page fault, and requiring all client code to know of
 special exceptions is hardly different than putting 'if (uid == 0)'
 everywhere..
 
 If its too much work to do that where both are absolute defined values, it
 could be possible to use a global credential of that name, created at init
 time?
 
 iain