Subject: Re: proposed: /usr/src/usr.bin/tcfs/*, needs gdbm, some SUID programs
To: VaX#n8 <>
From: Bill Studenmund <>
List: tech-userlevel
Date: 08/26/2004 11:33:58
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Aug 20, 2004 at 07:14:10PM -0400, Thor Lancelot Simon wrote:
> On Fri, Aug 20, 2004 at 06:31:41PM -0400, VaX#n8 wrote:
> > In message <>, David Young writes:
> > >What do the suid programs do?  Why do they need to be suid at all?
> >=20
> > Cursory analysis:
> >=20
> > It appears the SUID programs need root to perform:
> >=20
> > mount("tcfs",filesystem,MNT_UPDATE,(void*)arg);
> >=20
> > This appears to be how TCFS pushes keys into the kernel for
> > use in decrypting files.
> Perhaps you should add another system call (or an ioctl?  given that
> we're working on files, that might make much more sense) that normal
> users can perform, instead of abusing the mount syscall this way.

I'd vote for a fcntl(). On NetBSD, there is a portion of the fcntl space=20
that is sent through to the fs, and a portion of that space is reserved=20
for fs-specific things. So just use that space for updating keys.

Check out F_FSCTL (indicates goes to fs), F_FSPRIV (fs-specific), and the=
other macros in sys/fcntl.h. Pick a letter, say 'T', for your fs and go=20
from there.

The advantage of an fcntl() for this stuff is that it will go to the fs=20
regardless of the node type - it still gets to the fs even for device=20

Take care,


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.3 (NetBSD)