Subject: Re: CVS commit: [elad-kernelauth] src/sys
To: Jason Thorpe <>
From: Elad Efrat <>
List: tech-kern
Date: 03/08/2006 19:10:19

Jason Thorpe wrote:

> Darwin also provides an suser(), but it carries caveats:
> 1- It is not implemented as a wrapper around KAUTH_GENERIC_ISSUSER

This is *exactly* what I am trying to avoid: authorization of requests
not via the discussed KPI. Note that I can't stand these zero
comparisons against the uid/euid.

> 2- It is marked as "going away".

The code provided on the branch already makes it go away; I think
that if we're going to do a suser() it should at least be a wrapper.

> Also note that the Darwin KAUTH_GENERIC_ISSUSER does NOT take the 
> accounting flags argument, and thus does not set ASU.  I think we 
> should try to stick to the Darwin KPI as much as possible, so I think 
> we should also skip the accounting flags argument for 
> KAUTH_GENERIC_ISSUSER.  If we still want to set ASU, then we need to 
> find another way to do it.

That is something I didn't want to get into, but would be easy enough
to change -- once we have figured out what to do with the accounting bit.

> Yes, I think we should keep as close to Darwin's KPI as possible, in 
> this regard.

That would require a big sweep that I don't mind doing but would rather
postpone until more critical issues are solved, if no one minds. I
*will* change it.


Elad Efrat