Subject: Upcoming security model abstraction
To: None <tech-kern@NetBSD.org>
From: Elad Efrat <elad@NetBSD.org>
Date: 08/25/2006 01:42:46
Recently I've been working on abstracting NetBSD's security model
to its own set of kauth(9) listeners. There's code for the listeners,
as well as initial diff for replacing the KAUTH_GENERIC_ISSUSER
requests with something more specific.
Due to it being spread across multiple files and quite big in size, I've
placed it all online:
The idea is that we'll have a new directory under src/sys, called
'secmodel'. Each security model we ship (for now there are no plans to
ship anything other than the one we have now, don't worry :) will be
under its own directory. The default one is called "bsd44".
The files suser.[ch] and securelevel.[ch] implement the superuser
and securelevel implications, respectively. You can see how easy it is
to inspect the model -- it's all centralized in one easy to read file.
Some questions that you may have:
Q: What are the implications of this change for normal users?
A: None. Lots of work was put into making this completely transparent.
Q: What are the implications of this change for developers?
- You are very strongly discouraged from adding code that uses
KAUTH_GENERIC_ISSUSER requests or checks 'securelevel' directly,
- You are very strongly discouraged from directly comparing
user/group-ids as means for authorization.
Q: How do we know these changes don't break anything? or change
A: You can take a look at the code and diff yourself, it's pretty small
right now. Also, efforts are done to write a regression test-suite,
which will be used to evaluate the consistency of the changes before
commiting. The regression test-suite will also be publicly available.
Q: What other security models are you going to add?
A: None. When (and if) I will, you can expect a detailed post with the
Q: When are you going to commit this?
A: Probably a week or two from now.
Q: Where are man-page updates?
A: Working on it. :) No code will be commited without man-page updates.
Q: Will there be documentation on how to write new security models?
A: Yes, once we're done with the abstraction.
Please CC me on replies.