Subject: Re: CVS commit: src/sys/kern
To: None <email@example.com>
From: YAMAMOTO Takashi <firstname.lastname@example.org>
Date: 09/10/2006 20:46:20
[ moved from source-changes@ ]
> Module Name: src
> Committed By: elad
> Date: Sat Sep 2 20:10:24 UTC 2006
> Modified Files:
> src/sys/kern: kern_auth.c
> Log Message:
> Short-circuit calls to kauth_authorize_action() for a scope withtout any
> listeners to always return "allow".
> The idea is that it's not entirely unlikely that some vendors, or users,
> will decide to load the security model as an LKM, and that can only
> happen after at least mounting local file-systems. If we would not have
> this fast-path, all authorization requests would be denied.
> okay christos@
> To generate a diff of this commit:
> cvs rdiff -r1.17 -r1.18 src/sys/kern/kern_auth.c
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.
does it mean that an introduction of a new scope will automatically
make existing secmodels insecure?
i'm not sure if it's a good idea.