On Tue, Apr 21, 2009 at 3:34 AM, YAMAMOTO Takashi <y...@mwd.biglobe.ne.jp> wrote:
> anyway, i don't like the "check KAUTH_GENERIC_ISSUSER first" style
> because it makes logging useless.  ie. i prefer:
>
>     foo()
>     {
>         :
>         :
>         :
>     out:
>         /*
>          * use the power of the super user as a last resort.
>          */
>         if (error != 0) {
>             int error2 = kauth_authorize_generic(ISSUSER);
>
>             if (error2 == 0) {
>                 error = 0;
>             }
>         }
>         return error;
>     }
>
> how do you think?

I think you give too much weight to the current form of these
functions. :)

For example, if we wanted to log all chmod/chown, we would have to
have the kauth(9) call first. On the other hand, some would say that
is not the goal of kauth(9) and we should use a different instrument
for audit trails/logging and such.

Another point is that both in the current form and your suggestion we
can't have kauth(9) flip a decision based on a policy.

The point is, what I care about with these changes is to reduce the
number of KAUTH_GENERIC_ISSUSER uses in the kernel and centralize
similar logic. There is no intention for any of that stuff to go in a
NetBSD release: it's just a step in the general direction.

That said, if you want the logic changed, I'll go ahead and change it.

Thanks,

-e.
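
The two orderings discussed in this message, as a userspace model added here for illustration (not code from the thread or from NetBSD). `mock_issuser`, `owner_check`, `struct req` and the audit line are hypothetical stand-ins, and the model assumes the logging concern is about how often the superuser check is consulted:

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical userspace stand-ins; not the NetBSD kauth(9) API. */
struct req { unsigned uid, file_owner; };
static int issuser_calls; /* times the superuser check was consulted */

/* Models a logged kauth_authorize_generic(ISSUSER) decision. */
static int mock_issuser(const struct req *r)
{
    issuser_calls++;
    fprintf(stderr, "audit: ISSUSER consulted, uid=%u\n", r->uid);
    return r->uid == 0 ? 0 : EPERM;
}

/* Ordinary policy (assumed): only the owner may change the file. */
static int owner_check(const struct req *r)
{
    return r->uid == r->file_owner ? 0 : EPERM;
}

/* Superuser-first ordering: consulted (and logged) on every request. */
int authorize_su_first(const struct req *r)
{
    if (mock_issuser(r) == 0)
        return 0;
    return owner_check(r);
}

/* Last-resort ordering, following the quoted sketch. */
int authorize_su_last(const struct req *r)
{
    int error = owner_check(r);
    if (error != 0 && mock_issuser(r) == 0)
        error = 0;
    return error;
}

/* Runs one ordering; returns how often ISSUSER was consulted. */
int consulted(int (*fn)(const struct req *), struct req r, int *error)
{
    issuser_calls = 0;
    *error = fn(&r);
    return issuser_calls;
}

int main(void)
{
    struct req own = { 1000, 1000 }; /* constructed: owner on own file */
    int e, n = consulted(authorize_su_first, own, &e);
    printf("su-first: error=%d consulted=%d\n", e, n);
    n = consulted(authorize_su_last, own, &e);
    printf("su-last:  error=%d consulted=%d\n", e, n);
    return 0;
}
```

Both orderings return the same decision for every request; they differ only in which requests leave an ISSUSER record, which is the trade-off the two messages weigh.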