tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Vnode scope implementation

David Young wrote:
On Thu, Jul 16, 2009 at 07:39:15PM +0300, Elad Efrat wrote:
David Young wrote:

Isn't it hard to know that the design of kauth(9) and the placement of
the hooks is correct for anybody's purposes---Apple's, NetBSD's, yours,
mine---when you do not use the API for anything?
How is the API not in use? what do you think implements "root" and
"securelevel" for several years now? :)

Sorry if it wasn't clear from the context, but I was asking about the
vnode scope.

In that case your question makes very little sense, given the subject
of this thread is the vnode scope back-end. In other words, no hooks are
added, so you can't tell if their placement is correct or not.

I have a feeling that I am not only one who is anxious to see the
kauth(9) pay-off in a compelling security demonstration or two.
Okay. At the moment, NetBSD uses kauth(9) to implement the traditional
security model it always had: root and securelevel.

But that is just maintaining the status quo.  Is that such a big

I think your assertion is wrong, but I also think we have different
definitions of what a big pay-off would be. Could you please state
what a big pay-off would be, from your point of view?

Other work using kauth(9) is bad@'s gaols (jails), which you can see

and agc@'s role-based access controls, which you should be able to see
soon. Here's an abstract:

A paper and an abstract do not a compelling security demonstration make!

Same question as above -- could you elaborate on what a compelling
security demonstration would be, from your point of view?



Home | Main Index | Thread Index | Old Index