Subject: Re: sys_ptrace() changes
To: Elad Efrat <elad@NetBSD.org>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 12/29/2006 11:31:48
--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Dec 26, 2006 at 01:27:20PM +0200, Elad Efrat wrote:
> hi,
>=20
> attached diff does the following:
>=20
>   - reorganize the code: first, switch statement to check if it's
>     possible to do the request as far as kernel stability etc. goes.
>     then a kauth(9) check to enforce security semantics (this replaces
>     several kauth(9) calls in the second switch. last, the second
>     switch statement to dispatch the request, after all aspects have
>     been checked.
>=20
>   - add kauth(9) KAUTH_PROCESS_CANSEE call right after the pfind()
>     to enforce curtain policy. with XXX comment because these should
>     not be sprinkled all around the code.
>=20
> comments?

I'm not too familiar with the code, so please make sure someone else also=
=20
looks at it. The change as described above sounds very good, and it sounds=
=20
like something that will improve code clarity.

Take care,

Bill

--OgqxwSJOaUobr8KG
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (NetBSD)

iD8DBQFFlW0kWz+3JHUci9cRAjJPAJ9xvRNqusq0NaxEH4aVxlF7wqSAXgCfXJzu
mQpRkB7bzVNZoPNSLagrX2Q=
=bC+4
-----END PGP SIGNATURE-----

--OgqxwSJOaUobr8KG--