re: Addition to kauth(9) framework

To: yamt%mwd.biglobe.ne.jp@localhost (YAMAMOTO Takashi)
Subject: re: Addition to kauth(9) framework
From: matthew green <mrg%eterna.com.au@localhost>
Date: Mon, 29 Aug 2011 19:54:38 +1000

> > In article <20110829003259.913F014A289%mail.netbsd.org@localhost>,
> > YAMAMOTO Takashi <yamt%mwd.biglobe.ne.jp@localhost> wrote:
> >>hi,
> >>
> >>> I'd like to apply the attached patch.
> >>> It implements two things:
> >>> 
> >>> - chroot(2)-ed process is given new kauth_cred_t with reference count
> >>>   equal to 1.
> >>
> >>can you find a way to avoid this?
> >>
> >>YAMAMOTO Takashi
> > 
> > He tried and I think that this is the minimal hook he needs.
> 
> do you mean that we need to unshare the credential unconditionally,
> regardless his module is used or not?  why?

maybe it's just me, but i actually have absolutely no problem
with chroot unsharing kauth_cred_t by default.  it just seems
to have more generic safety aspects.


.mrg.

Follow-Ups:
- re: Addition to kauth(9) framework
  - From: YAMAMOTO Takashi
- Re: Addition to kauth(9) framework
  - From: David Holland
- re: Addition to kauth(9) framework
  - From: Christos Zoulas

References:
- Re: Addition to kauth(9) framework
  - From: YAMAMOTO Takashi

Prev by Date: Re: Addition to kauth(9) framework
Next by Date: Re: CVS commit: src/sys/arch/xen
Previous by Thread: Re: Addition to kauth(9) framework
Next by Thread: re: Addition to kauth(9) framework
Indexes:

Home | Main Index | Thread Index | Old Index