Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/sys

On Tue, Apr 21, 2009 at 3:34 AM, YAMAMOTO Takashi
<> wrote:

> anyway, i don't like the "check KAUTH_GENERIC_ISSUSER first" style
> because it makes logging useless.  ie. i prefer:
>        foo()
>        {
>                :
>                :
>                :
>        out:
>                /*
>                 * use the power of the super user as a last resort.
>                 */
>                if (error != 0) {
>                        int error2 = kauth_authorize_generic(ISSUSER);
>                        if (error2 == 0) {
>                                error = 0;
>                        }
>                }
>                return error;
>        }
> how do you think?

I think you give too much weight to the current form of these functions. :)

For example, if we wanted to log all chmod/chown, we would have to have
the kauth(9) call first. On the other hand, some would say that is not
the goal of kauth(9) and we should use a different instrument for audit
trails/logging and such. Another point is that both in the current form
and your suggestion we can't have kauth(9) flip a decision based on a

The point is, what I care about with these changes is to reduce the
number of KAUTH_GENERIC_ISSUSER uses in the kernel and centralize
similar logic. There is no intention for any of that stuff to go in a
NetBSD release: it's just a step in the general direction.

That said, if you want the logic changed, I'll go ahead and change it.



Home | Main Index | Thread Index | Old Index