[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/29360: vfs.generic.usermount and mount(8) general questions
The following reply was made to PR kern/29360; it has been noted by GNATS.
From: Antti Kantee <pooka%netbsd.org@localhost>
To: Elad Efrat <elad%NetBSD.org@localhost>
Cc: Manuel Bouyer <bouyer%antioche.eu.org@localhost>,
Subject: Re: kern/29360: vfs.generic.usermount and mount(8) general questions
Date: Sun, 6 Sep 2009 21:21:06 +0300
On Sun Sep 06 2009 at 13:02:02 -0400, Elad Efrat wrote:
> I agree with Antti here about the sysctl, but I want to replace the
> root check, eventually. What do you guys think about replacing the
> owner/root check with a kauth action that does the same in a
> bsd44-suser listener?
Well, sounds sensible in general, but just some food-for-thought: I wonder
how much of an "ufs syndrome" you are creating for security code, i.e. how
difficult will it be to implement a security model without copypasting
"bsd44" and modifying a few bits here and there and eventually ending
up with 20 slightly different copies of whatever the secmodel equivalent
of rename is?
Main Index |
Thread Index |