Discussion:
Removing inpcbpolicy::priv
Elad Efrat
2009-05-07 22:23:37 UTC
Hi,

It looks like inpcbpolicy::priv is redundant.

The PCB is always attached to a socket, and therefore we can use the uid
stored in uidinfo for permissions check. In fact, the priv member is set
by checking the uid from uidinfo.

The other case the priv member is used is in ipsec_copy_pcbpolicy(),
when copying a policy, called from syn_cache_get(). There, too, it seems
it's redundant, as sonewconn() is called to create a new socket, which
keeps the uidinfo.

Therefore, I suggest the trivial diff attached -- please review.

Thanks,

-e.
Christos Zoulas
2009-05-08 12:00:56 UTC
> Hi,
> 
> It looks like inpcbpolicy::priv is redundant.
> 
> The PCB is always attached to a socket, and therefore we can use the uid
> stored in uidinfo for permissions check. In fact, the priv member is set
> by checking the uid from uidinfo.
> 
> The other case the priv member is used is in ipsec_copy_pcbpolicy(),
> when copying a policy, called from syn_cache_get(). There, too, it seems
> it's redundant, as sonewconn() is called to create a new socket, which
> keeps the uidinfo.
> 
> Therefore, I suggest the trivial diff attached -- please review.

But checking uid == 0 is not the kauth way...

christos


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
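As an added illustration of the "not the kauth way" point, this is a constructed model and not code from the thread or from NetBSD: the same "is this socket privileged?" question is answered once by a bare `uid == 0` test and once through a kauth-style hook that lets registered security models decide. The listener names, the IPsec-bypass action and the securelevel rule are assumptions of the model.

```c
/* Constructed model, not NetBSD code: a socket credential plus a
 * kauth-style authorization hook, to contrast a hardcoded "uid == 0"
 * privilege test with a decision delegated to the registered
 * security models (listeners). */
struct cred { unsigned uid; };

enum kr { KR_DEFER = 0, KR_ALLOW = 1, KR_DENY = 2 };
enum action { ACT_IPSEC_BYPASS = 1 };

typedef enum kr (*listener_t)(const struct cred *, enum action, int securelevel);

/* Traditional super-user model: root is allowed, others are left
 * to the remaining listeners. */
static enum kr suser_listener(const struct cred *c, enum action a, int sl)
{
    (void)a; (void)sl;
    return c->uid == 0 ? KR_ALLOW : KR_DEFER;
}

/* Securelevel-style model (assumed rule): once the level is raised,
 * IPsec policy bypass is refused no matter which uid asks. */
static enum kr securelevel_listener(const struct cred *c, enum action a, int sl)
{
    (void)c;
    return (a == ACT_IPSEC_BYPASS && sl > 0) ? KR_DENY : KR_DEFER;
}

static const listener_t listeners[] = { suser_listener, securelevel_listener };

/* kauth-style arbitration: any DENY wins, else any ALLOW, else refuse. */
int authorize(const struct cred *c, enum action a, int securelevel)
{
    unsigned i;
    int allowed = 0;
    for (i = 0; i < sizeof listeners / sizeof listeners[0]; i++) {
        enum kr r = listeners[i](c, a, securelevel);
        if (r == KR_DENY)
            return 0;
        if (r == KR_ALLOW)
            allowed = 1;
    }
    return allowed;
}

/* The pattern questioned in the thread: privilege derived from uid alone. */
int priv_from_uid(const struct cred *c) { return c->uid == 0; }

/* Privilege derived from the credential through the authorization hook;
 * the security models, not the caller, own the uid == 0 knowledge. */
int priv_from_kauth(const struct cred *c, int securelevel) { return authorize(c, ACT_IPSEC_BYPASS, securelevel); }
```

With the securelevel listener active, a root credential is still privileged by the uid test but refused by the hook, which is exactly the divergence a cached uid-derived flag cannot express.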
Elad Efrat
2009-05-08 13:45:30 UTC
Post by Christos Zoulas
> > Hi,
> > 
> > It looks like inpcbpolicy::priv is redundant.
> > 
> > The PCB is always attached to a socket, and therefore we can use the uid
> > stored in uidinfo for permissions check. In fact, the priv member is set
> > by checking the uid from uidinfo.
> > 
> > The other case the priv member is used is in ipsec_copy_pcbpolicy(),
> > when copying a policy, called from syn_cache_get(). There, too, it seems
> > it's redundant, as sonewconn() is called to create a new socket, which
> > keeps the uidinfo.
> > 
> > Therefore, I suggest the trivial diff attached -- please review.
> 
> But checking uid == 0 is not the kauth way...

Ideally we should use the socket credentials, but until we figure out
how to implement them properly (see thread in tech-kern@) we need to use
something else... falling back to uidinfo makes sure it won't go
unnoticed in future greps once we have socket credentials in place. :)

-e.

Elad Efrat
2009-05-12 01:43:24 UTC
My original suggestion on this thread uncovered a bigger issue that we
need to work out. As I will bring it up for discussion at a later time,
please consider the diff proposed and the idea in general withdrawn for
the time being.

Thanks,

-e.
