Re: CVS commit: src/sys

To: Elad Efrat <e%murder.org@localhost>
Subject: Re: CVS commit: src/sys
From: Jachym Holecek <freza%NetBSD.org@localhost>
Date: Sat, 23 Jun 2007 18:51:32 +0200

[Stripping CC somewhat]

# Elad Efrat 2007-06-23:
> while the changes to get/setgroups syscall internals and compat calls
> will not change the user experience in any way, breaking kauth's opacity
> have direct and immediate implications in the form of not allowing much
> flexibility when implementing new security models that expand beyond
> what is currently allowed by bsd44.

Could you provide some specific examples of what was possible before
but will be impossible because of David's change?

> additionally, it is well worth pointing out that the benefit you
> introduced is orthogonal to breaking the interface's opacity, and could
> have been introduced either way.

I don't quite see how opacity gets harmed -- the group list was a flat
array before and it's still a flat array now...

        -- Jachym, just being curious.

Follow-Ups:
- Re: CVS commit: src/sys
  - From: Jason Thorpe
- Re: CVS commit: src/sys
  - From: Elad Efrat

References:
- CVS commit: src/sys
  - From: David Laight
- Re: CVS commit: src/sys
  - From: Elad Efrat
- Re: CVS commit: src/sys
  - From: Alistair Crooks
- Re: CVS commit: src/sys
  - From: Elad Efrat
- Re: CVS commit: src/sys
  - From: David Laight
- Re: CVS commit: src/sys
  - From: Elad Efrat

Prev by Date: CVS commit: src/sys/arch/i386/i386
Next by Date: CVS commit: src/usr.sbin/services_mkdb
Previous by Thread: Re: CVS commit: src/sys
Next by Thread: Re: CVS commit: src/sys
Indexes:

Home | Main Index | Thread Index | Old Index