tech-kern archive


Re: on getting rid of KAUTH_GENERIC_ISSUSER



Christoph Badura wrote:
So, it seems to me that the first step in that direction should be
to rename that constant to KAUTH_GENERIC_ISPRIVILEGED or ..._ISAUTHORIZED.

There's a serious confusion here.  The check is not whether the credentials
presented are those of the super user.  The check is whether the credentials
can be authorized to perform some unspecific privileged operation.

The check that the credentials are the super-user's is only made in
secmodel_bsd44_suser.c.

Any objections to that?

Yes. Changing the name does not help in any way to solve the real
problem, which is that the operation is unspecified. I don't see why
you'd waste time and energy on search-and-replace commits when you can
invest them in actually properly classifying the place-holders.

FWIW, KAUTH_GENERIC_ISSUSER originates in Apple's implementation and was
never intended to be anything more than a place-holder. A discussion
will be held at some point in the future about whether or not we want an
"unspecified privileged operation authorization action" to be present or
not, along with its implications on secmodels, logging, etc.

-e.


