tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kauth and socket calls (esp. bind())



On Thu, Apr 08, 2010 at 04:31:56PM -0400, Thor Lancelot Simon wrote:
> According to kauth(9):
> 
>            Listeners might sleep, so no locks can be held when calling
>            an authorization wrapper.
> 
> According to uipc_socket.c:sobind():
> 
>            solock(so);
>            error = (*so->so_proto->pr_usrreq)(so, PRU_BIND, NULL, nam,
>                     NULL, l);
>            sounlock(so);
> 
> According to in_pcb.c:in_pcbbind():
> 
>            kauth_authorize_network(cred, KAUTH_NETWORK_BIND,
>                                    KAUTH_REQ_NETWORK_BIND_PRIVPORT, so,
>                                    sin, NULL)
> 
> Um.  Is it the documentation or the code which should be corrected?
> 
> I'm not sure I grasp how things like the filesystem or device scopes could
> even really work if you can't make kauth calls with locks held.

It cannot work without locks held in various places. 
What it should say is that kauth itself must not take locks..



Home | Main Index | Thread Index | Old Index