Discussion:
kauth and socket calls (esp. bind())
Elad Efrat
2010-04-08 22:25:15 UTC
Listeners might sleep, so no locks can be held when calling
an authorization wrapper.
solock(so);
error = (*so->so_proto->pr_usrreq)(so, PRU_BIND, NULL, nam,
    NULL, l);
sounlock(so);
kauth_authorize_network(cred, KAUTH_NETWORK_BIND,
    KAUTH_REQ_NETWORK_BIND_PRIVPORT, so,
    sin, NULL)
Um. Is it the documentation or the code which should be corrected?
The idea is to encourage developers to structure code so that kauth(9)
calls are made with ideally no locks etc. held, but like the man-page
states, kauth(9) is under development.
I'm not sure I grasp how things like the filesystem or device scopes could
even really work if you can't make kauth calls with locks held.
Which is why kauth(9) isn't yet fully integrated. (See e.g. tmpfs code
as the only file-system using kauth(9)) Perhaps you can step up to the
plate and address those issues.

-e.


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
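
The ordering issue raised in this message, as an added example that is not part of the thread or of NetBSD's code: a user-space C model in which a listener that may sleep counts how often it is reached with a lock held. All names (`sock_model`, `authorize_bind`, `so_lock`, `so_unlock`) and the uid/port policy are constructed for illustration.

```c
/* User-space model of the ordering problem; every name is hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

struct sock_model { int port; bool bound; };
static int locks_held;        /* locks held by the (single) calling thread */
static int sleep_violations;  /* listener invocations made under a lock */
static void so_lock(void)   { locks_held++; }
static void so_unlock(void) { locks_held--; }

/* Stand-in for a listener that may sleep: it must run with no locks held. */
static int authorize_bind(int uid, int port)
{
    if (locks_held > 0)
        sleep_violations++;   /* sleeping here would happen with the lock held */
    return (port < 1024 && uid != 0) ? EPERM : 0;  /* constructed policy */
}

/* Ordering A: authorization is reached from inside the locked region. */
static int bind_auth_under_lock(struct sock_model *so, int uid, int port)
{
    so_lock();
    int error = authorize_bind(uid, port);
    if (error == 0) { so->port = port; so->bound = true; }
    so_unlock();
    return error;
}

/* Ordering B: decide first, then lock; valid only if the decision ignores locked state. */
static int bind_auth_before_lock(struct sock_model *so, int uid, int port)
{
    int error = authorize_bind(uid, port);
    if (error != 0)
        return error;
    so_lock();
    so->port = port; so->bound = true;
    so_unlock();
    return 0;
}

int main(void)
{
    struct sock_model a = {0, false}, b = {0, false};
    bind_auth_under_lock(&a, 0, 80);
    int under = sleep_violations;
    bind_auth_before_lock(&b, 0, 80);
    printf("violations: under lock %d, before lock %d\n", under, sleep_violations - under);
    return 0;
}
```
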
Joerg Sonnenberger
2010-04-09 12:25:29 UTC
I'm not sure I grasp how things like the filesystem or device scopes could
even really work if you can't make kauth calls with locks held.
It cannot work without locks held in various places.
What it should say is that kauth itself must not take locks.
That doesn't work for the interesting advanced security models
either. E.g. an implementation of zones/jails must be able to protect
access to the global data structures.

Joerg

Thor Lancelot Simon
2010-04-09 15:02:31 UTC
Do you think authorization is the correct tool to implement the classic
bits of zones/jails? I certainly don't. What other examples are there?
Having just done a good bit of it yesterday, I think it's an okay tool
for it. It certainly makes the work very quick.

There are a number of things about kauth that annoy me -- *particularly*
the handling of argument types -- but, with some trivial fixes to 'overlay',
it does make building minor or even major variations on the
"traditional" security model pretty easy.
--
Thor Lancelot Simon ***@rek.tjls.com
"All of my opinions are consistent, but I cannot present them all
at once." -Jean-Jacques Rousseau, On The Social Contract
