tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Silly question about ktrace(1) and non-root users

        Hello.  I agree.  AFter I figured out what was where, I think the
secmodel code is far easier to maintain.  But, getting my head around
things in a hurry for this one case meant it was easier for me to look at
the code when it was in a simpler state.
On Jun 21,  9:19am, Thor Lancelot Simon wrote:
} Subject: Re: Silly question about ktrace(1) and non-root users
} On Tue, Jun 21, 2011 at 07:55:37AM +0100, David Laight wrote:
} > On Mon, Jun 20, 2011 at 04:29:05PM -0700, Brian Buhrow wrote:
} > 
} > > For reference, I used the ktrcanset() function from kern_ktrace.c from
} > > NetBSD-3.0 sources because it was easier to read than following the chain
} > > of layers down through the secmodel infrastructure and finding where
} > > exactly the permission is denied in that machinery.
} > 
} > mmmm security through obscurity ...
} For what it's worth, I find reading the secmodel code very easy.  Much
} easier than reading the tangled logic around every open coded
} permission check that used to be in the tree.
} -- 
} Thor Lancelot Simon                        
}   "All of my opinions are consistent, but I cannot present them all
}    at once."  -Jean-Jacques Rousseau, On The Social Contract
>-- End of excerpt from Thor Lancelot Simon

Home | Main Index | Thread Index | Old Index