[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Silly question about ktrace(1) and non-root users
Hello. I agree. AFter I figured out what was where, I think the
secmodel code is far easier to maintain. But, getting my head around
things in a hurry for this one case meant it was easier for me to look at
the code when it was in a simpler state.
On Jun 21, 9:19am, Thor Lancelot Simon wrote:
} Subject: Re: Silly question about ktrace(1) and non-root users
} On Tue, Jun 21, 2011 at 07:55:37AM +0100, David Laight wrote:
} > On Mon, Jun 20, 2011 at 04:29:05PM -0700, Brian Buhrow wrote:
} > > For reference, I used the ktrcanset() function from kern_ktrace.c from
} > > NetBSD-3.0 sources because it was easier to read than following the chain
} > > of layers down through the secmodel infrastructure and finding where
} > > exactly the permission is denied in that machinery.
} > mmmm security through obscurity ...
} For what it's worth, I find reading the secmodel code very easy. Much
} easier than reading the tangled logic around every open coded
} permission check that used to be in the tree.
} Thor Lancelot Simon tls%panix.com@localhost
} "All of my opinions are consistent, but I cannot present them all
} at once." -Jean-Jacques Rousseau, On The Social Contract
>-- End of excerpt from Thor Lancelot Simon
Main Index |
Thread Index |