On Tue, Mar 17, 2009 at 06:20:15PM +0200, Antti Kantee wrote:
> On Sun Mar 08 2009 at 00:12:45 +0000, Christos Zoulas wrote:
> > In article <20090307195914.GO889%shaak.vert-toit.net@localhost>,
> > Quentin Garnier <cube%cubidou.net@localhost> wrote:
> > >-=-=-=-=-=-
> > >
> > >On Sat, Mar 07, 2009 at 02:23:02PM -0500, Christos Zoulas wrote:
> > >> Module Name: src
> > >> Committed By: christos
> > >> Date: Sat Mar 7 19:23:02 UTC 2009
> > >>
> > >> Modified Files:
> > >> src/sys/kern: kern_exec.c
> > >>
> > >> Log Message:
> > >> don't enforce maxproc resource limits for root.
> > >
> > >Is it correct to use uid == 0 as a test outside of the secmodel?
> >
> > Probably not, but I just made the code look exactly like the fork()
> > case.
>
> Doesn't kauth(KAUTH_GENERIC_ISSUSER) do the right thing? Yes, I agree,
> it wastes much non-ansified non-whitespace in the source tree, but things
> like gaols would work better if we don't propagate code which we know
> to be incorrect.

KAUTH_GENERIC_ISSUSER was a temporary kludge for the kauth move. It's
slightly better than !uid, but not by much.

-- 
Quentin Garnier - cube%cubidou.net@localhost - cube%NetBSD.org@localhost
"See the look on my face from staying too long in one place
[...] every time the morning breaks I know I'm closer to falling"
KT Tunstall, Saving My Face, Drastic Fantastic, 2007.