Date: Sat, 18 Apr 1998 19:24:38 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: Alex Nash <nash@mcs.net>
Cc: regnauld@deepo.prosa.dk, freebsd-security@FreeBSD.ORG
Subject: Re: kernel permissions
Message-ID: <Pine.BSF.3.96.980418191802.16484A-100000@trojanhorse.pr.watson.org>
In-Reply-To: <199804182310.SAA03638@nash.pr.mcs.net>

On Sat, 18 Apr 1998, Alex Nash wrote:

> > Having just browsed the kernel source a little, it looks like indeed this
> > is currently implemented. The comment is a little obscure:
> >
> >     /* only allow get calls if secure mode > 2 */
> >     if (securelevel > 2) {
> >         if (m) (void)m_free(m);
> >         return(EPERM);
> >
> > But what it actually means is, only allow non-get calls if securemode > 2.
>
> Huh? It means what it says: only allow get calls if securelevel > 2.

Ugh. Combination of two problems. First, I interpreted the comment to
mean that get calls would only be allowed if the securelevel was > 2,
rather than the coded only get calls being allowed if securelevel was > 2.
I then promptly typed in the wrong thing in my "but what this actually
means", and meant to type, "But what it actually means is, only allow
non-get calls if securemode < 2".

The comment I believe can be interpreted both ways (I asked a few people
here to come read the comment and tell me which they thought it was). On
the other hand, my typo is clearly incorrect. Either way, who cares, the
code is right. Logically ambiguous language :).

  Robert N Watson

----
Carnegie Mellon University            http://www.cmu.edu/
Trusted Information Systems           http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message