Date: Thu, 15 Apr 1999 21:11:31 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: freebsd-security@freebsd.org Subject: Re: POSIX.1E auditing support, an initial pass and some questions Message-ID: <1779.924203491@critter.freebsd.dk> In-Reply-To: Your message of "Mon, 12 Apr 1999 09:39:31 EDT." <Pine.BSF.3.96.990412092814.11402E-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>I had suspected (and observed) as much. What is the rational behind >having the name lookup pull the pathname into the kernel as opposed to >using a copyin in the syscall and passing it in as an argument? >Presumably someone, somewhere has to allocate space on the stack, and if >it's done in the syscall function then more argument processing is done in >one place? This would make at least a bit more available to an auditing >layer in the syscall. I think it is an old thing, conserving kernel memory. Indeed it may not make sense today where the vfs-name-cache is so much more efficient. Changing it may be a PITA. >I'm not sure if you've had a chance to look at the POSIX.1e draft or my >man pages for it. The man pages are online on by POSIX.1e page as part of >the tarball containing the first pass. The API is completely documented, >but I still have to document the audit event types and what they expect to >be reported. Sorry, no, time is a scarce resource for me these days... -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1779.924203491>