Subject: Re: CVS commit: src/sys
To: Alistair Crooks <>
From: Thor Lancelot Simon <>
List: tech-security
Date: 06/23/2007 14:05:44
On Sat, Jun 23, 2007 at 06:37:20PM +0100, Alistair Crooks wrote:
> As a software developer, my answer to your question would be "no - if
> the complete abstraction has been violated, then it will be harder to
> build models on top of kauth". Has the complete abstraction been violated,
> or just a part of it? Where is the documentation dealing with the
> abstractions, the ways it fits into other kernel code, and the direction
> forward for kauth?

The documentation is poor, but I think the design principle that's been
violated here is pretty obvious: don't expose kauth internals or security
model internals to other code in the kernel, because they will inevitably
abuse it.  Authentication data should only *ever* be handled via accessors.

We had that (albeit not in an ideally documented state) and changes like
the current one break it.  We should find a way to gain the performance
advantage of the current change without exposing knobs code outside kauth
has no business turning.