tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Removal of some KAUTH_GENERIC_ISSUSER (pass 1)



Hi,

Attached is a diff removing some KAUTH_GENERIC_ISSUSER uses in favor of
more meaningful alternatives, some newly added.

Newly added actions/requests:
  - KAUTH_MACHDEP_CMOS, for checking if the CMOS can be read
    from/written to.
        
  - KAUTH_MACHDEP_CACHEFLUSH_ALL, for checking if the whole CPU cache
    can be flushed (used in compat code only).
        
  - KAUTH_REQ_SYSTEM_SYSCTL_MODIFY, for checking if a sysctl(9) value
    that doesn't have a custom function handler can be modified.

  - KAUTH_REQ_NETWORK_SOCKET_DROP, for checking if a connection can be
    dropped.

  - KAUTH_REQ_NETWORK_SOCKET_SETPRIV, for checking if privileged
    socket options can be set.

Also note the changes in the ibcs2 compat code. I followed
http://docsrv.sco.com:507/en/man/html.S/uadmin.S.html and hopefully the
semantics are the same.

Thanks,

-e.

Attachment: pass1.diff
Description: Binary data



Home | Main Index | Thread Index | Old Index