Re: CVS commit: src

To: Andrew Doran <ad%netbsd.org@localhost>
Subject: Re: CVS commit: src
From: Elad Efrat <elad%bsd.org.il@localhost>
Date: Sun, 25 Nov 2007 20:38:45 +0200

Hi Andrew,

Andrew Doran wrote:

The wrong credential is being used to authorize the request.

Accessing p_cred requires holding the corresponding lock which is not done
here. As a result there is a race condition. For example, given the right
conditions a non-root user could change the clock.


Right, my mistake -- sorry about that, and thanks for pointing it out.

Would you suggest to use mutex_enter()/mutex_exit() on p->p_mutex around
the kauth(9) calls that use it? or proc_representative_lwp()? (is it
even a valid substitution?)

Thanks,

-e.

References:
- Re: CVS commit: src
  - From: Andrew Doran

Prev by Date: Re: CVS commit: src
Next by Date: CVS commit: src/sys/kern
Previous by Thread: Re: CVS commit: src
Next by Thread: CVS commit: src/sys/kern
Indexes:

Home | Main Index | Thread Index | Old Index