Subject: Re: CVS commit: src/sys/kern
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <firstname.lastname@example.org>
Date: 06/14/2006 15:53:02
> > although it's definitely better than CURTAIN or abusing KAUTH_PROCESS_CANSEE,
> > i'm not sure if it's a good idea.
> I'm thinking we need a generic way of checking if object with 'cred1'
> can access object with 'cred2'.
> Alternatively, we could have these cases in their respective (to-be)
> scopes -- either fileop, vnode, network, whatever.
> What do you think?
i think the latter is better.
> > i'm not even sure if abusing fp->f_cred here is a good idea.
> Is there a choice?
in this particular case, it depends on the definition of "curtain" things,
which i'm not aware of.
however, in the POV of kauth framework, i think it's better for
listeners to take an object itself, rather than a credential
associated to it.
> > IMO, performing I/O and "cansee" are very different.
> Maybe add a KAUTH_PROCESS_IOPERM?