Subject: Re: kauth machdep actions (Re: CVS commit: src)
To: YAMAMOTO Takashi <email@example.com>
From: Elad Efrat <elad@NetBSD.org>
Date: 12/23/2006 09:33:18
YAMAMOTO Takashi wrote:
>> and would that mean that there's code that appears to be handled in
>> the secmodel, but really isn't?
> i'm not sure what you mean here.
I mean that when someone builds a kernel on alpha, and looks at the
secmodel code, he sees 'case' for KAUTH_MACHDEP_IOPL, but he has to
go dig around other code (sys/arch/*/?) to find out if it's dead code
or not. (perhaps that's a moot point because there's the man-page, but
I still don't like the idea of implicit secmodel code.)
> why each ports check root and securelevel differently (which is what
> we are talking about, right?) seems unknown and unmaintainable.
> i don't see much point to keep it as-is.
this was exactly my concern. it seems nobody knows the reason for these
semantics. however, I'd like us to be 100% sure when we're changing them
(after all, these *are* security semantics) of why they were put there
in the first place.
if we're unifying this, we can probably do what you suggest.
> do we have so many candidates of machdep actions?
probably not; I don't think there should be.
the real question is: do we want to assume that similar requests on
different hardware platforms have the same implication and will be
handled the same, security-wise?
do you mind if we give others some time to voice in? (smb? tls?)