Subject: Re: sys_ptrace() changes
To: Elad Efrat <elad@NetBSD.org>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 12/29/2006 11:31:48
--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Dec 26, 2006 at 01:27:20PM +0200, Elad Efrat wrote:
> hi,
>=20
> attached diff does the following:
>=20
> - reorganize the code: first, switch statement to check if it's
> possible to do the request as far as kernel stability etc. goes.
> then a kauth(9) check to enforce security semantics (this replaces
> several kauth(9) calls in the second switch. last, the second
> switch statement to dispatch the request, after all aspects have
> been checked.
>=20
> - add kauth(9) KAUTH_PROCESS_CANSEE call right after the pfind()
> to enforce curtain policy. with XXX comment because these should
> not be sprinkled all around the code.
>=20
> comments?
I'm not too familiar with the code, so please make sure someone else also=
=20
looks at it. The change as described above sounds very good, and it sounds=
=20
like something that will improve code clarity.
Take care,
Bill
--OgqxwSJOaUobr8KG
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (NetBSD)
iD8DBQFFlW0kWz+3JHUci9cRAjJPAJ9xvRNqusq0NaxEH4aVxlF7wqSAXgCfXJzu
mQpRkB7bzVNZoPNSLagrX2Q=
=bC+4
-----END PGP SIGNATURE-----
--OgqxwSJOaUobr8KG--