Re: uid 0 (was Re: CVS commit: src/sys/kern)

To: Christos Zoulas <christos%astron.com@localhost>
Subject: Re: uid 0 (was Re: CVS commit: src/sys/kern)
From: Antti Kantee <pooka%cs.hut.fi@localhost>
Date: Tue, 17 Mar 2009 18:20:15 +0200

On Sun Mar 08 2009 at 00:12:45 +0000, Christos Zoulas wrote:
> In article <20090307195914.GO889%shaak.vert-toit.net@localhost>,
> Quentin Garnier  <cube%cubidou.net@localhost> wrote:
> >-=-=-=-=-=-
> >
> >On Sat, Mar 07, 2009 at 02:23:02PM -0500, Christos Zoulas wrote:
> >> Module Name:       src
> >> Committed By:      christos
> >> Date:              Sat Mar  7 19:23:02 UTC 2009
> >> 
> >> Modified Files:
> >>    src/sys/kern: kern_exec.c
> >> 
> >> Log Message:
> >> don't enforce maxproc resource limits for root.
> >
> >Is it correct to use uid == 0 as a test outside of the secmodel?
> 
> Probably not, but I just made the code look exactly like the fork()
> case.

Doesn't kauth(KAUTH_GENERIC_ISSUSER) do the right thing?  Yes, I agree,
it wastes much non-ansified non-whitespace in the source tree, but things
like gaols would work better if we don't propagate code which we know
to be incorrect.

Follow-Ups:
- Re: uid 0 (was Re: CVS commit: src/sys/kern)
  - From: Quentin Garnier

References:
- uid 0 (was Re: CVS commit: src/sys/kern)
  - From: Quentin Garnier
- Re: uid 0 (was Re: CVS commit: src/sys/kern)
  - From: Christos Zoulas

Prev by Date: Re: Fatal page fault in supervisor mode
Next by Date: Re: panic: init died (signal 0, exit 12) during booting
Previous by Thread: Re: uid 0 (was Re: CVS commit: src/sys/kern)
Next by Thread: Re: uid 0 (was Re: CVS commit: src/sys/kern)
Indexes:

Home | Main Index | Thread Index | Old Index