On Sun, Jul 19, 2009 at 4:38 PM, Marc Balmer <marc%msys.ch@localhost> wrote:
> Of course. For every ioctl I call kauth, I just do it a few CPU cycles
> before the action. I see no problem with this.
It's a problem because you're authorizing an action you don't
necessarily take. Think, for example, of a logging listener that will
log "euid 1000 tried to set a pin", whereas the latter only read from
a pin that was already set.
There are several ways to solve this. Some commands always require
"pinset", so you can collect them all together in a new switch
statement that authorizes the action for them at the top before
proceeding to the switch statement that handles the commands
themselves (we do that in some places). Alternatively, you could just
replace every "pinset" check with a kauth(9) call. There's nothing
wrong with multiple kauth(9) calls.
Also... I just noticed that you pass "pinset" to a function
implementing the old API -- that, too, has to go. :/
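A constructed illustration of the two-switch pattern described above (added here; not code from this thread or from the NetBSD gpio driver). The command names are hypothetical, and `authorize_pinset` is a stand-in for a kauth_authorize_device(9) call with a logging listener attached, so the audit string shows what such a listener would record:

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical gpio ioctl commands standing in for the real ones. */
enum gpio_cmd { GPIO_PINREAD, GPIO_PINWRITE, GPIO_PINCTL };
static char audit_log[128];	/* what a logging listener recorded last */
static int pin_value = 1;	/* constructed pin state */

/* Stand-in for a kauth_authorize_device(9) call with a logging listener
 * attached: the listener records the request and defers (allows it). */
static int authorize_pinset(int euid)
{
	snprintf(audit_log, sizeof(audit_log), "euid %d tried to set a pin", euid);
	return 0;
}

/* The command handler; in the driver this is the second switch. */
static int do_cmd(enum gpio_cmd cmd)
{
	switch (cmd) {
	case GPIO_PINREAD:  return pin_value;
	case GPIO_PINWRITE: pin_value = 0; return 0;
	case GPIO_PINCTL:   return 0;
	}
	return -1;
}

/* Flawed: one authorization per ioctl, taken before the command is known,
 * so a PINREAD is logged as an attempt to set a pin. */
int gpio_ioctl_flawed(enum gpio_cmd cmd, int euid)
{
	audit_log[0] = '\0';
	if (authorize_pinset(euid) != 0) return -1;	/* EPERM */
	return do_cmd(cmd);
}

/* Fixed: a first switch authorizes only the commands that change pins,
 * then the handler switch runs. */
int gpio_ioctl_fixed(enum gpio_cmd cmd, int euid)
{
	audit_log[0] = '\0';
	switch (cmd) {
	case GPIO_PINWRITE:
	case GPIO_PINCTL:
		if (authorize_pinset(euid) != 0) return -1;	/* EPERM */
		break;
	default: break;
	}
	return do_cmd(cmd);
}
const char *last_audit_entry(void) { return audit_log; }
```

With the flawed dispatcher a plain read leaves a "tried to set a pin" entry behind; with the fixed one only the commands that actually change a pin reach the listener.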