This is a multi-part message in MIME format.

--Boundary_(ID_VPYjRvqXJ2B/vAUFFKgrbQ)
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 7BIT

Hi,

See attached diff...

-e.

-- 
Elad Efrat

--Boundary_(ID_VPYjRvqXJ2B/vAUFFKgrbQ)
Content-type: text/plain; name=kern_auth.c.diff
Content-transfer-encoding: 7BIT
Content-disposition: inline; filename=kern_auth.c.diff

Index: kern_auth.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_auth.c,v
retrieving revision 1.20
diff -u -p -r1.20 kern_auth.c
--- kern_auth.c	8 Sep 2006 21:57:38 -0000	1.20
+++ kern_auth.c	13 Sep 2006 10:13:26 -0000
@@ -104,6 +104,8 @@ static kauth_scope_t kauth_builtin_scope
 static kauth_scope_t kauth_builtin_scope_network;
 static kauth_scope_t kauth_builtin_scope_machdep;
 
+static boolean_t listeners_have_been_loaded = FALSE;
+
 /* Allocate new, empty kauth credentials. */
 kauth_cred_t
 kauth_cred_alloc(void)
@@ -713,9 +715,17 @@ kauth_authorize_action(kauth_scope_t sco
 	if (cred == NOCRED || cred == FSCRED)
 		return (0);
 
-	/* Short-circuit requests when there are no listeners. */
-	if (SIMPLEQ_EMPTY(&scope->listenq))
-		return (0);
+	/*
+	 * If there are no listeners on this scope, check if any listeners
+	 * were loaded at all. If not, it's probably intentional and we
+	 * should let the request through. Otherwise, fail it.
+	 */
+	if (SIMPLEQ_EMPTY(&scope->listenq)) {
+		if (!listeners_have_been_loaded)
+			return (0);
+
+		return (EPERM);
+	}
 
 	fail = 0;
 	allow = 0;

--Boundary_(ID_VPYjRvqXJ2B/vAUFFKgrbQ)--