Subject: Re: KAUTH_REQ_NETWORK_SOCKET_OPEN
To: David Young <dyoung@pobox.com>
From: Iain Hibbert <plunky@rya-online.net>
List: tech-kern
Date: 01/31/2007 10:29:55
On Tue, 30 Jan 2007, David Young wrote:

> On Wed, Jan 31, 2007 at 01:28:26AM +0100, Joerg Sonnenberger wrote:
> > On Wed, Jan 31, 2007 at 12:16:15AM +0000, Iain Hibbert wrote:
> > > 1. specifically allow (PF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) access to all..
> > > 2. rewrite the HCI socket code so that it's not socket based..
> >
> > 3. Make the check honour the domain of the socket?
>
> ISTR I had to do that for PF_ROUTE.

Yeah, I saw that hardcoded exception..

> (FWIW, I do not think the BSD security model for raw sockets is standing
> the test of time, and I am thankful for the opportunity to correct it
> with kauth.)

I'm not sure what you mean, can you elaborate which way you think we
should correct it?

Arguably, the Bluetooth HCI access should not work that way (I've come to
this viewpoint latterly) but I followed the prior art to get there and I'm
not especially sure if doing it a different way would cause problems with
porting apps. Application software does not really need access at the HCI
level, and config tools are NetBSD specific anyway.

btw currently (and in the netbsd-4 branch) applications may need access to HCI
raw sockets because it's the only way to look up and validate the bdaddr of
a local device (e.g. "ubt0" => "00:08:1b:8d:ba:6d"). This was probably not
apparent if you only have one device (since you don't need to use the -d
option).

iain