Subject: Re: CVS commit: src/sys/kern
To: YAMAMOTO Takashi <>
From: Elad Efrat <>
List: tech-kern
Date: 06/14/2006 09:18:24
YAMAMOTO Takashi wrote:

> although it's definitely better than CURTAIN or abusing KAUTH_PROCESS_CANSEE,
> i'm not sure if it's a good idea.

I'm thinking we need a generic way of checking if object with 'cred1'
can access object with 'cred2'.

Alternatively, we could have these cases in their respective (to-be)
scopes -- either fileop, vnode, network, whatever.

What do you think?

> i'm not even sure if abusing fp->f_cred here is a good idea.

Is there a choice?

> IMO, performing I/O and "cansee" are very different.



Elad Efrat