From owner-freebsd-security  Sat Apr 18 16:24:55 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA25045
          for freebsd-security-outgoing; Sat, 18 Apr 1998 16:24:55 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA25036
          for <freebsd-security@freebsd.org>; Sat, 18 Apr 1998 23:24:51 GMT
          (envelope-from robert@cyrus.watson.org)
Received: from trojanhorse.pr.watson.org (trojanhorse.pr.watson.org [192.0.2.10])
	by fledge.watson.org (8.8.8/8.8.8) with SMTP id TAA10055;
	Sat, 18 Apr 1998 19:24:46 -0400 (EDT)
Date: Sat, 18 Apr 1998 19:24:38 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@trojanhorse.pr.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: Alex Nash <nash@mcs.net>
cc: regnauld@deepo.prosa.dk, freebsd-security@FreeBSD.ORG
Subject: Re: kernel permissions
In-Reply-To: <199804182310.SAA03638@nash.pr.mcs.net>
Message-ID: <Pine.BSF.3.96.980418191802.16484A-100000@trojanhorse.pr.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

On Sat, 18 Apr 1998, Alex Nash wrote:

> > Having just browsed the kernel source a little, it looks like indeed this
> > is currently implemented.  The comment is a little obscure:
> > 
> >         /* only allow get calls if secure mode > 2 */
> >         if (securelevel > 2) {
> >                 if (m) (void)m_free(m);
> >                 return(EPERM);
> > 
> > But what it actually means is, only allow non-get calls if securemode > 2.
> 
> Huh?  It means what it says: only allow get calls if securelevel > 2.

Ugh.  Combination of two problems.  First, I interpretted the comment to
mean that get calls would only be allowed if the securelevel was > 2,
rather than the coded only get calls being allowed if securelevel was > 2.
I then promptly typed in the wrong thing in my "but what this actually
means", and meant to type, "But what it actually means is, only allow
non-get calls if securemove < 2".

The comment I believe can be interpretted both ways (I asked a few people
here to come read the comment and tell me which they thought it was).  On
the otherhand, my typo is clearly incorrect.  Either way, who cares, the
code is right.  Logically ambiguous language :).


  Robert N Watson 


----
Carnegie Mellon University  http://www.cmu.edu/
Trusted Information Systems http://www.tis.com/
SafePort Network Services   http://www.safeport.com/
robert@fledge.watson.org    http://www.watson.org/~robert/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message