Source-Changes archive


Re: CVS commit: src/sys/kern



Hello,

Andrew Doran wrote:
Module Name:    src
Committed By:   ad
Date:           Sun Mar 23 17:40:25 UTC 2008

Modified Files:
        src/sys/kern: kern_fork.c

Log Message:
Undo 1.150 (Don't make root an exception when enforcing rlimits). No other
Unix behaves this way and it breaks too many things, e.g. web servers.

Was it that critical that this had to go in without any discussion
and/or okay from other people? You re-introduced a uid 0 check with
this commit, despite the fact I've asked not to numerous times.

There are other people who are developing on top of this framework.
With introducing uid 0 checks you are potentially breaking other
people's code.

Can you elaborate on what breaks? Can you elaborate on why this couldn't
have been done through kauth? The reason there is no kauth backend for
rlimits is that opinions expressed in the past suggested root shouldn't
be an exception to *enforcement*, but rather allowed to bump it up as
much as desired.

If you're claiming that allowing consumption of resources that might
crash the machine is better than denying it, then that too needs
discussion.

-e.

