Subject: Re: sys_ptrace() changes
To: Elad Efrat <elad@NetBSD.org>
From: Bill Studenmund <email@example.com>
Date: 12/29/2006 11:31:48
Content-Type: text/plain; charset=us-ascii
On Tue, Dec 26, 2006 at 01:27:20PM +0200, Elad Efrat wrote:
> attached diff does the following:
> - reorganize the code: first, switch statement to check if it's
> possible to do the request as far as kernel stability etc. goes.
> then a kauth(9) check to enforce security semantics (this replaces
> several kauth(9) calls in the second switch. last, the second
> switch statement to dispatch the request, after all aspects have
> been checked.
> - add kauth(9) KAUTH_PROCESS_CANSEE call right after the pfind()
> to enforce curtain policy. with XXX comment because these should
> not be sprinkled all around the code.
I'm not too familiar with the code, so please make sure someone else also=
looks at it. The change as described above sounds very good, and it sounds=
like something that will improve code clarity.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (NetBSD)
-----END PGP SIGNATURE-----