Gregory McGarry wrote:

> I have to wonder how well the kauth changes were reviewed. 

how is kauth related to this bug? this is a misuse of the interface. for
the sake of the answer, I'll assume you mean the secmodel changes.

anyhow, the whole purpose of secmodel(9) is to make bugs like this
impossible. if the logic has to be done in each private case (horrible
bsd kernel code), security issues are bound to happen -- there is more
duplication, it's harder to track and keep consistent behavior, etc.

so while your concern is justified, I believe it is misdirected. what
you should really ask is "when are we moving all security decision
making logic to the secmodel code" -- and that is work in progress you
can help with, given your developer status.

> Are there any other serious vunerabilities likely to arise?

you haven't seen much of kernel code if you classify this as a
serious vulnerability. :)

-e.