Subject: Re: sys_ptrace() changes
To: Elad Efrat <>
From: Bill Studenmund <>
List: tech-kern
Date: 12/29/2006 11:31:48
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Dec 26, 2006 at 01:27:20PM +0200, Elad Efrat wrote:
> hi,
> attached diff does the following:
>   - reorganize the code: first, switch statement to check if it's
>     possible to do the request as far as kernel stability etc. goes.
>     then a kauth(9) check to enforce security semantics (this replaces
>     several kauth(9) calls in the second switch. last, the second
>     switch statement to dispatch the request, after all aspects have
>     been checked.
>   - add kauth(9) KAUTH_PROCESS_CANSEE call right after the pfind()
>     to enforce curtain policy. with XXX comment because these should
>     not be sprinkled all around the code.
> comments?

I'm not too familiar with the code, so please make sure someone else also=
looks at it. The change as described above sounds very good, and it sounds=
like something that will improve code clarity.

Take care,


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.4.3 (NetBSD)