On Saturday, July 26, 2003, at 04:28  PM, Jonathan Stone wrote:

>> I don't see why you need to add another DTYPE_* constant for this.
>
> Maybe so. The security implications of crypto use make a separation
> from DTYPE_MISC ... well, justifiable, at the very least.

I don't understand why.  Are you saying you're going to put 
DTYPE_CRYPTO-specific handling into otherwise unrelated code?  That 
seems broken.  The code in the /dev/crypto driver can simply set the 
close-on-exec flags when it creates the new fd table entry.

> PS: it'd have been more helpful to raise the point back when I
> asked for comments and code review back April. Or anytime since.

Well, I apologize if I didn't have time to scour all the changes back 
then.  But that should not invalidate my concern about the change now.

         -- Jason R. Thorpe <thorpej@wasabisystems.com>