tech-kern archive


re: Addition to kauth(9) framework



On Aug 29,  7:54pm, mrg%eterna.com.au@localhost (matthew green) wrote:
-- Subject: re: Addition to kauth(9) framework

| 
| > > In article <20110829003259.913F014A289%mail.netbsd.org@localhost>,
| > > YAMAMOTO Takashi <yamt%mwd.biglobe.ne.jp@localhost> wrote:
| > >>hi,
| > >>
| > >>> I'd like to apply the attached patch.
| > >>> It implements two things:
| > >>> 
| > >>> - chroot(2)-ed process is given new kauth_cred_t with reference count
| > >>>   equal to 1.
| > >>
| > >>can you find a way to avoid this?
| > >>
| > >>YAMAMOTO Takashi
| > > 
| > > He tried and I think that this is the minimal hook he needs.
| > 
| > do you mean that we need to unshare the credential unconditionally,
| > regardless of whether his module is used or not?  why?
| 
| maybe it's just me, but i actually have absolutely no problem
| with chroot unsharing kauth_cred_t by default.  it just seems
| to have more generic safety aspects.

I share the same sentiment; I don't see the change as a big deal.

christos

