tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
KAUTH_GENERIC_CANSEE
Hi,
Although the kern.file and kern.file2 sysctls are retrieving
information about file descriptors that belong to processes, they do
so by accessing the list of files directly ("filehead") thus not
knowing which process owns which file. As a result, we added
KAUTH_GENERIC_CANSEE -- because we only have the credentials, not the
process, meaning we can't use the process scope, even though the
latter has the more suitable KAUTH_REQ_PROCESS_CANSEE_OPENFILES.
I would like to change that, but I'm not sure how. What "looks good to
me" is to add a back pointer to the process in struct file, but
perhaps others have different ideas (i.e., changing how "filehead"
works, which to me honestly looks like a hack, or maybe even allow a
NULL process pointer to be passed when authorizing
KAUTH_REQ_PROCESS_CANSEE_OPENFILES).
Thoughts?
Thanks,
-e.
Home |
Main Index |
Thread Index |
Old Index