Re: Vnode scope implementation

[Elad Efrat <elad%NetBSD.org@localhost>]

David Young wrote:
> On Thu, Jul 16, 2009 at 07:39:15PM +0300, Elad Efrat wrote:
> > David Young wrote:
> >
> > > Isn't it hard to know that the design of kauth(9) and the placement of
> > > the hooks is correct for anybody's purposes---Apple's, NetBSD's, yours,
> > > mine---when you do not use the API for anything?
> > How is the API not in use? what do you think implements "root" and
> > "securelevel" for several years now? :)
>
> Sorry if it wasn't clear from the context, but I was asking about the
> vnode scope.

In that case your question makes very little sense, given the subject
of this thread is the vnode scope back-end. In other words, no hooks are
added, so you can't tell if their placement is correct or not.

> > > I have a feeling that I am not only one who is anxious to see the
> > > kauth(9) pay-off in a compelling security demonstration or two. 
> > Okay. At the moment, NetBSD uses kauth(9) to implement the traditional
> > security model it always had: root and securelevel.
>
> But that is just maintaining the status quo.  Is that such a big
> pay-off?

I think your assertion is wrong, but I also think we have different
definitions of what a big pay-off would be. Could you please state
what a big pay-off would be, from your point of view?

> > Other work using kauth(9) is bad@'s gaols (jails), which you can see
> > here:
> >
> >         http://2008.asiabsdcon.org/papers/P3A-paper.pdf
> >
> > and agc@'s role-based access controls, which you should be able to see
> > soon. Here's an abstract:
> >
> >         http://www.ukuug.org/events/eurobsdcon2009/talks/#crooks
>
> A paper and an abstract do not a compelling security demonstration make!

Same question as above -- could you elaborate on what a compelling
security demonstration would be, from your point of view?

Thanks,

-e.