Option INSECURE abuse

To: tech-kern%netbsd.org@localhost
Subject: Option INSECURE abuse
From: Elad Efrat <elad%NetBSD.org@localhost>
Date: Thu, 24 Dec 2009 14:22:35 -0500

Hi,

The INSECURE option is used to indicate the kernel should be
"hard-wired" to securelevel -1. This is how it's documented
everywhere. (In practice, it just starts with -1; it can be raised.)

There's an abuse of this option by libsa, however, that basically uses
it to tell whether the image loaded by exec() can be owned by anyone
other than uid 0. I believe this to be undocumented.

I'd like to fix this in the following way:
  - Change the option name used to indicate the aforementioned, from
INSECURE to, say, LIBSA_EXEC_ANYOWNER.
  - Add this option either commented or uncommented, wherever INSECURE
is, to prevent behavior from changing.

Would this be okay?

Thanks,

-e.

Prev by Date: PCDISPLAY_SOFTCURSOR problem
Next by Date: Deferred freeing of kauth_cred_ts
Previous by Thread: PCDISPLAY_SOFTCURSOR problem
Next by Thread: Deferred freeing of kauth_cred_ts
Indexes:

Home | Main Index | Thread Index | Old Index