Re: Uid comparison in sbreserve()

To: Elad Efrat <elad%NetBSD.org@localhost>
Subject: Re: Uid comparison in sbreserve()
From: David Holland <dholland-tech%netbsd.org@localhost>
Date: Thu, 31 Dec 2009 02:38:56 +0000

On Wed, Dec 30, 2009 at 12:37:04PM -0500, Elad Efrat wrote:
 > I think the first change here was an oversight, because the logic
 > doesn't seem right to me. The process resource limits are only used
 > when both the process is not NULL and the uid from the process'
 > credentials matches the uid on the socket. What if the process is not
 > NULL, but the uids don't match? I don't think it's intended to fall
 > back on RLIM_INFINITY for such a case...
 > [...]

The thing missing from this analysis is a discussion of the
circumstances in which the uids won't match and what happens if in
that case some other user's limits are charged.

(Maybe this is obvious to people who work on the network stack, but
I'm not one of them.)

-- 
David A. Holland
dholland%netbsd.org@localhost

References:
- Uid comparison in sbreserve()
  - From: Elad Efrat

Prev by Date: Re: aibs(4): ASUSTeK AI Booster (ACPI ATK0110) hardware monitor with limit support
Next by Date: IPSEC (both stacks) slight adaptation to kauth(9)
Previous by Thread: Uid comparison in sbreserve()
Next by Thread: Socket reuse policy adaptation to kauth(9)
Indexes:

Home | Main Index | Thread Index | Old Index