Subject: Re: mount(2) on kauth(9)
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 01/02/2007 03:13:32
> YAMAMOTO Takashi wrote:
>
> >> yeah. we'll have to keep the kauth_cred_t of the mounter in struct
> >> mount (note: this will have to be a copy, not a reference), then we
> >> could use these credentials in requests to whether respect or not
> >> suid bit, devices, etc.
> >>
> >> I think it's ugly. :)
> >>
> >> -e.
> >
> > what's the benefit to defer the decision, rather than having
> > additional two kauth calls in mount-time?
> >
> > YAMAMOTO Takashi
>
> for my reply, I'll assume you mean something like this:
>
> /* check if can mount */
> error = kauth_authorize_system(...);
> if (error)
>         return;
>
> /* check if can keep priv'd flags */
> if (!(flags & (MOUNT_NOFOO|MOUNT_NOBAR))) {
>         error = kauth_authorize_system(...);
>         if (error) {
>                 flags |= (MOUNT_NOFOO|MOUNT_NOBAR);
>                 /* for update, keep MNT_NOEXEC... */
>         }
> }
I think something like the following reflects the bsd44 model better.
How about this?
/* may this mounter honour set-id bits?  if not, force nosuid */
error = kauth_authorize_foo(CAN_CHANGE_CREDENTIAL_TO_ANY_USER);
if (error) {
	if (error == EPERM) {
		flags |= NOSUID;
	} else {
		return error;
	}
}

/* may this mounter make device nodes usable?  if not, force nodev */
error = kauth_authorize_foo(CAN_CREATE_DEVICEFILE);
/* KAUTH_SYSTEM_MKNOD? */
if (error) {
	if (error == EPERM) {
		flags |= NODEV;
	} else {
		return error;
	}
}
YAMAMOTO Takashi
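The mount-time decision sketched in this message, written out as a complete, added C example (not code from the thread or from NetBSD): two privilege checks, where a plain EPERM forces the matching restriction onto the mount rather than refusing it, and any other error aborts the mount. The flag names (EX_MNT_*), the action names, the ex_cred structure and the ex_authorize() policy are all constructed for this example and stand in for the real kauth(9) credential, the real MNT_* bits and the requests the thread leaves unnamed.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed mount flag bits for this example; not NetBSD's MNT_* values. */
#define EX_MNT_NOSUID  0x01u
#define EX_MNT_NODEV   0x02u
#define EX_MNT_NOEXEC  0x04u

/* Hypothetical authorization actions, standing in for the kauth(9) requests
 * the message above leaves as kauth_authorize_foo(...). */
enum ex_action {
	EX_CAN_CHANGE_CREDENTIAL_TO_ANY_USER,
	EX_CAN_CREATE_DEVICEFILE
};

/* Minimal stand-in for a kauth credential: only the effective uid matters
 * for this example's policy.  fail_with is constructed fault injection so a
 * non-EPERM failure of the authorizer can be exercised. */
struct ex_cred {
	unsigned int euid;
	int fail_with;		/* 0, or an errno the authorizer should return */
};

/* Hypothetical authorizer: uid 0 may do anything, everyone else gets EPERM. */
static int ex_authorize(const struct ex_cred *cred, enum ex_action action)
{
	(void)action;
	if (cred->fail_with != 0)
		return cred->fail_with;
	return cred->euid == 0 ? 0 : EPERM;
}

/*
 * Decide the effective mount flags at mount time.  Each privilege is asked
 * for once; EPERM means "this mounter is not privileged", so the matching
 * restriction is turned on instead of refusing the mount.  Any other error
 * (e.g. EIO from a misbehaving listener) is propagated and the mount fails.
 * Returns 0 and writes the effective flags to *out, or a positive errno.
 */
int ex_decide_mount_flags(const struct ex_cred *cred, unsigned int requested,
			  unsigned int *out)
{
	unsigned int flags = requested;
	int error;

	error = ex_authorize(cred, EX_CAN_CHANGE_CREDENTIAL_TO_ANY_USER);
	if (error) {
		if (error != EPERM)
			return error;
		flags |= EX_MNT_NOSUID;	/* set-id bits must not take effect */
	}

	error = ex_authorize(cred, EX_CAN_CREATE_DEVICEFILE);
	if (error) {
		if (error != EPERM)
			return error;
		flags |= EX_MNT_NODEV;	/* device nodes must not be usable */
	}

	*out = flags;
	return 0;
}

int main(void)
{
	struct ex_cred root = { 0, 0 }, user = { 1000, 0 };
	unsigned int flags;

	if (ex_decide_mount_flags(&root, 0, &flags) == 0)
		printf("root mount: flags 0x%x\n", flags);	/* nothing forced */
	if (ex_decide_mount_flags(&user, EX_MNT_NOEXEC, &flags) == 0)
		printf("user mount: flags 0x%x\n", flags);	/* NOSUID|NODEV added */
	return 0;
}
```

The point of the structure is that the caller never has to remember to clamp the flags afterwards: an unprivileged mounter gets nosuid and nodev forced in the same place the privilege is decided, and an authorizer failure that is not a clean EPERM fails closed instead of silently granting the privileged flags.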