Source-Changes-D archive


Re: CVS commit: src/sys



On Tue, Apr 21, 2009 at 3:34 AM, YAMAMOTO Takashi
<yamt%mwd.biglobe.ne.jp@localhost> wrote:


> anyway, i don't like the "check KAUTH_GENERIC_ISSUSER first" style
> because it makes logging useless.  ie. i prefer:
>
>        foo()
>        {
>                :
>                :
>                :
>        out:
>                /*
>                 * use the power of the super user as a last resort.
>                 */
>                if (error != 0) {
>                        int error2 = kauth_authorize_generic(ISSUSER);
>
>                        if (error2 == 0) {
>                                error = 0;
>                        }
>                }
>                return error;
>        }
>
> what do you think?

I think you give too much weight to the current form of these functions. :)

For example, if we wanted to log all chmod/chown, we would have to have
the kauth(9) call first. On the other hand, some would say that is not
the goal of kauth(9) and we should use a different instrument for audit
trails/logging and such. Another point is that both in the current form
and your suggestion we can't have kauth(9) flip a decision based on a
policy.

The point is, what I care about with these changes is to reduce the
number of KAUTH_GENERIC_ISSUSER uses in the kernel and centralize
similar logic. There is no intention for any of that stuff to go in a
NetBSD release: it's just a step in the general direction.

That said, if you want the logic changed, I'll go ahead and change it.

Thanks,

-e.
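
The logging difference between the two orderings discussed in this thread, as an added user-space C model that is not part of the original messages and is not NetBSD kernel code. `authorize_issuser`, `owner_check`, the two `chmod_*` functions and the request list are hypothetical stand-ins constructed for illustration.

```c
/* User-space model, NOT NetBSD kernel code: every name here is hypothetical. */
#include <errno.h>
#include <stdio.h>

struct cred { int uid; };
struct node { int owner; };
static int suser_log_count;   /* audit records emitted by the superuser check */

/* Stand-in for a logging kauth_authorize_generic(ISSUSER) listener. */
static int authorize_issuser(const struct cred *c) {
    suser_log_count++;
    fprintf(stderr, "audit: ISSUSER requested by uid %d\n", c->uid);
    return c->uid == 0 ? 0 : EPERM;
}

/* Ordinary rule: only the owner may change the mode. */
static int owner_check(const struct cred *c, const struct node *n) {
    return c->uid == n->owner ? 0 : EPERM;
}

/* Style A: "check ISSUSER first". The audit record fires on every call. */
static int chmod_suser_first(const struct cred *c, const struct node *n) {
    if (authorize_issuser(c) == 0)
        return 0;
    return owner_check(c, n);
}

/* Style B: superuser as a last resort, as in the quoted sketch. */
static int chmod_suser_last(const struct cred *c, const struct node *n) {
    int error = owner_check(c, n);
    if (error != 0 && authorize_issuser(c) == 0)
        error = 0;
    return error;
}

/* Run one style over constructed requests; return the audit records produced. */
static int audit_records(int (*op)(const struct cred *, const struct node *)) {
    const struct cred reqs[] = { {1000}, {1000}, {0}, {1001} };  /* constructed */
    const struct node file = { 1000 };
    suser_log_count = 0;
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        (void)op(&reqs[i], &file);
    return suser_log_count;
}

int main(void) {
    printf("suser-first: %d records\n", audit_records(chmod_suser_first));
    printf("last-resort: %d records\n", audit_records(chmod_suser_last));
    return 0;
}
```

Both styles return the same allow/deny decision for every request; only the last-resort ordering limits the superuser audit records to calls where the ordinary check had already failed.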

