Re: kern/29360: vfs.generic.usermount and mount(8) general questions

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,Andreas Wiese <andreas.wiese%inf.tu-dresden.de@localhost>
Subject: Re: kern/29360: vfs.generic.usermount and mount(8) general questions
From: Antti Kantee <pooka%netbsd.org@localhost>
Date: Sun, 6 Sep 2009 18:25:02 +0000 (UTC)

The following reply was made to PR kern/29360; it has been noted by GNATS.

From: Antti Kantee <pooka%netbsd.org@localhost>
To: Elad Efrat <elad%NetBSD.org@localhost>
Cc: Manuel Bouyer <bouyer%antioche.eu.org@localhost>, 
gnats-bugs%netbsd.org@localhost,
        tech-kern%netbsd.org@localhost
Subject: Re: kern/29360: vfs.generic.usermount and mount(8) general questions
Date: Sun, 6 Sep 2009 21:21:06 +0300

 On Sun Sep 06 2009 at 13:02:02 -0400, Elad Efrat wrote:
 > I agree with Antti here about the sysctl, but I want to replace the
 > root check, eventually. What do you guys think about replacing the
 > owner/root check with a kauth action that does the same in a
 > bsd44-suser listener?

 Well, sounds sensible in general, but just some food-for-thought: I wonder
 how much of an "ufs syndrome" you are creating for security code, i.e. how
 difficult will it be to implement a security model without copypasting
 "bsd44" and modifying a few bits here and there and eventually ending
 up with 20 slightly different copies of whatever the secmodel equivalent
 of rename is?

Prev by Date: Re: kern/29360: vfs.generic.usermount and mount(8) general questions
Next by Date: Re: kern/29360: vfs.generic.usermount and mount(8) general questions
Previous by Thread: Re: kern/29360: vfs.generic.usermount and mount(8) general questions
Next by Thread: Re: kern/29360: vfs.generic.usermount and mount(8) general questions
Indexes:

Home | Main Index | Thread Index | Old Index