tech-kern archive


Re: on getting rid of KAUTH_GENERIC_ISSUSER



On Wed, Jul 29, 2009 at 12:13:48AM +0300, Elad Efrat wrote:
> Christoph Badura wrote:
> >So, it seems to me that the first step in that direction should be
> >to rename that constant to KAUTH_GENERIC_ISPRIVILEGED or ..._ISAUTHORIZED.

> Yes. Changing the name does not help in any way to solve the real
> problem, which is that the operation is unspecified.

I wasn't going to solve the problem "that the operation is unspecified".
Maybe you want to comment on the issue I want to address.

Fixing confusing and broken interfaces to avoid confusing their users has
some value in itself.  My change was in part prompted by some commits of
Reinoud's to the UDF file system that said in their log message something
to the effect "Oh, I've misinterpreted the KAUTH_GENERIC_ISSUSER name and
now I have to fix it".  Avoiding such misinterpretations in security sensitive
code seems like a worthy goal to me.  Maybe not a high priority one, but
that's something else.

> I don't see why
> waste time and energy on search-and-replace commits when you can invest
> them in actually properly classifying the place-holders.

If you are looking for a list of productive things to do in kauth() and
the secmodel stuff, I'm happy to read you examples from the list of loose
ends you left behind.  I certainly wouldn't expect you to waste your time
on other stuff while you still have things to clean up.

> FWIW, KAUTH_GENERIC_ISSUSER originates in Apple's implementation and was
> never intended to be anything more than a place-holder.

That's fine with me.  But it has been a placeholder for more than 2 years
now, causing confusion along the way.  And there's no sign of it going away
in the short term.  So we might as well improve the situation by removing
the source of the confusion should someone feel inclined to "waste his time"
on that.

--chris

