List: netbsd-tech-kern
Subject: Re: sysctl_proc_find() in kern_resource.c
From: yamt () mwd ! biglobe ! ne ! jp (YAMAMOTO Takashi)
Date: 2006-12-14 10:34:25
Message-ID: 20061214103425.7036711705 () yamt ! dyndns ! org
> YAMAMOTO Takashi wrote:
> >> + /*
> >> + * suid proc of ours or proc not ours
> >> + */
> >> + if (kauth_cred_getuid(cred) != kauth_cred_getuid(p->p_cred) ||
> >> + kauth_cred_getuid(cred) != kauth_cred_getsvuid(p->p_cred))
> >> + result = KAUTH_RESULT_DENY;
> >> +
> >> + /*
> >> + * sgid proc has sgid back to us temporarily
> >> + */
> >> + else if (kauth_cred_getgid(p->p_cred) != kauth_cred_getsvgid(p->p_cred))
> >> + result = KAUTH_RESULT_DENY;
> >> +
> >> + /*
> >> + * our rgid must be in target's group list (ie,
> >> + * sub-processes started by a sgid process)
> >> + */
> >> + else {
> >> + int ismember = 0;
> >> +
> >> + if (kauth_cred_ismember_gid(cred,
> >> + kauth_cred_getgid(p->p_cred), &ismember) != 0 ||
> >> + !ismember)
> >> + result = KAUTH_RESULT_DENY;
> >> + }
> >> + break;
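Review bot: In the final else branch the comment and the call disagree on direction. The comment says "our rgid must be in target's group list", but kauth_cred_ismember_gid(cred, kauth_cred_getgid(p->p_cred), &ismember) passes the caller's cred as the credential and the target's gid as the group to look up, so it tests the target's gid against the caller's groups. Either reword the comment to describe the check that is actually made, or swap the arguments if the comment states the intent. A nonzero return from the call is folded into the same deny as !ismember, which fails closed and is worth a word in the comment.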
> >
> > please make this a subroutine, rather than duplicating the same code
> > into three places.
>
> several other parts of the bsd44 secmodel present some level of code
> duplication. do we want to handle this issue now, or wait with the
> introduction of a few kauth(9) helpers (for other purposes, too)?
>
> in the former case, please let me know how you want this function to
> be called and in what file it should be in. (my assumption: kern_auth.c,
> and we should have some semi-consistent naming, along with uidmatch).

i just meant a static function in secmodel_bsd44_suser.c.
otherwise, it's difficult (for me, at least) to check if
this "duplicated at a glance" code is really identical or not.

YAMAMOTO Takashi