Subject: Re: How kauth can make meaningful decisions about passthru ioctls
To: Elad Efrat <elad@NetBSD.org>
From: Steven M. Bellovin <email@example.com>
Date: 11/30/2006 09:06:03
On Thu, 30 Nov 2006 15:53:31 +0200
Elad Efrat <elad@NetBSD.org> wrote:
> Steven M. Bellovin wrote:
> > On Thu, 30 Nov 2006 15:10:25 +0200
> > Elad Efrat <elad@NetBSD.org> wrote:
> >> Thor Lancelot Simon wrote:
> >>> Sure. We're concerned about what the ioctl being passed-through
> >>> could cause the device to do. Think about what amr(4) would have
> >>> to do if it didn't know how to parse the sub-commands: it'd have
> >>> to tell the listener "it could be any of these: ..." .
> >>> We could, I suppose, order the commands from "safest" to "most
> >>> dangerous" and require that the question indicate the "most
> >>> dangerous". But what's "more dangerous", writing the device data
> >>> or writing the device configuration? I think a similar issue
> >>> exists even for read.
> >> sounds logical. unless someone objects, I'll come up with a diff.
> > What sounds logical? An ordering? I don't think it makes much
> > sense at all. What's wrong with a bitmask?
> sorry if I wasn't clear: thor's explanation as to why we should use
> a bit-field sounds logical, and I agree that it's what we should do.
OK, great. I certainly don't object.
--Steve Bellovin, http://www.cs.columbia.edu/~smb