Re: Addition to kauth(9) framework

To: dholland-tech%netbsd.org@localhost
Subject: Re: Addition to kauth(9) framework
From: yamt%mwd.biglobe.ne.jp@localhost (YAMAMOTO Takashi)
Date: Tue, 30 Aug 2011 00:30:38 +0000 (UTC)

> On Mon, Aug 29, 2011 at 07:54:38PM +1000, matthew green wrote:
>  > > do you mean that we need to unshare the credential unconditionally,
>  > > regardless his module is used or not?  why?
>  > 
>  > maybe it's just me, but i actually have absolutely no problem
>  > with chroot unsharing kauth_cred_t by default.  it just seems
>  > to have more generic safety aspects.
> 
> So hold on. kauth_cred_t (ignoring some silly typedef issues) is the
> process credentials structure, with the uids and gids in it. Right?
> 
> In the normal world, each process should have its own, so all sharing
> is purely an optimization and should be copy-on-write. Therefore,
> anything that changes the contents of the structure should first
> establish a private copy of it. Because the type is private to
> kern_auth.c, this is fairly easy to establish and audit.
> 
> So far so good.
> 
> Now, the question is: in the Elad world, are there cases where this
> thing is supposed to be shared for modification? If so, what are they,

nothing as far as i know.

YAMAMOTO Takashi

> what's the intent and the intended semantics, and is there an
> implementation that makes it all behave reasonably without being a
> code nightmare? Like with sharing pages in VM, handling objects that
> are both shared-update and copy-on-write at once is not entirely
> trivial.
> 
> -- 
> David A. Holland
> dholland%netbsd.org@localhost

References:
- Re: Addition to kauth(9) framework
  - From: David Holland

Prev by Date: re: Addition to kauth(9) framework
Next by Date: Re: Addition to kauth(9) framework
Previous by Thread: Re: Addition to kauth(9) framework
Next by Thread: Re: Addition to kauth(9) framework
Indexes:

Home | Main Index | Thread Index | Old Index