From: "Marc G. Fournier"
To: Robert Watson
Cc: Daniel Eischen, Peter Jeremy, freebsd-stable@freebsd.org
Date: Mon, 3 Apr 2006 20:41:06 -0300 (ADT)
Subject: Re: [HACKERS] semaphore usage "port based"?
Message-ID: <20060403204031.V947@ganymede.hub.org>
In-Reply-To: <20060403234918.X76562@fledge.watson.org>

On Mon, 3 Apr 2006, Robert Watson wrote:

>
> On Mon, 3 Apr 2006, Marc G. Fournier wrote:
>
>> This falls under "well, we broke kill() so that it now reports a PID is not
>> in use even though it is, so it has to be the application that fixes it"
>> ... and you *still* haven't shown *why* kill() reporting a PID is in use,
>> even if it's not in the current jail, is such a security threat ...
>
> It is an issue of completeness and consistency. We implement a single set of
> access control checks between processes, and try to avoid exceptions to them.
> This is one of my largest architectural gripes about access control in 4.x,
> actually: everywhere you look, the same "check" is implemented differently.
> Sometimes signal checks are done one way, other times, other ways. Likewise,
> debugging, monitoring, etc. In 5.x forward, we use a centralized set of
> access control checks in order to provide consistent, reliable, and easy to
> analyze policy. The more exceptions we introduced, the further we get from
> that goal.

Agreed, in principle ... it's just locking down something without a way around
it is ... painful :(

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org     Yahoo!: yscrappy     ICQ: 7615664
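
The behaviour discussed in this message, as an added example that is not part of the original e-mail and is not FreeBSD kernel code: a simplified C model in which one visibility check (`can_see`) is shared by a `kill(pid, 0)`-style probe and a debugger attach, so a PID in another jail is reported exactly like an unused one. The struct, the function names and the process table are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not FreeBSD kernel code; all names are hypothetical. */
struct proc { int pid, uid, jail; };             /* jail 0 = host (unjailed) */

/* Constructed process table: two jails plus one host process. */
static const struct proc TABLE[] = {
    { 100, 70, 1 },    /* daemon in jail 1          */
    { 101, 80, 1 },    /* other uid, same jail      */
    { 200, 70, 2 },    /* same uid, different jail  */
    { 300,  0, 0 },    /* root on the host          */
};
#define NPROC (sizeof(TABLE) / sizeof(TABLE[0]))

static const struct proc *find(int pid)
{
    for (size_t i = 0; i < NPROC; i++)
        if (TABLE[i].pid == pid)
            return &TABLE[i];
    return NULL;
}

/* The one visibility check that every inter-process operation calls. */
static int can_see(const struct proc *subj, const struct proc *t)
{
    if (t == NULL)
        return ESRCH;                             /* PID really is unused */
    if (subj->jail != 0 && subj->jail != t->jail)
        return ESRCH;                             /* in use, but outside subj's jail */
    return 0;
}

/* kill(pid, 0)-style liveness probe; returns 0 or an errno value. */
int model_kill(const struct proc *subj, int pid)
{
    const struct proc *t = find(pid);
    int error = can_see(subj, t);                 /* shared check comes first */
    return error ? error : (subj->uid == 0 || subj->uid == t->uid ? 0 : EPERM);
}

/* Debugger attach reuses can_see(), so it cannot disagree with model_kill(). */
int model_attach(const struct proc *subj, int pid)
{
    const struct proc *t = find(pid);
    int error = can_see(subj, t);
    return error ? error : (subj->uid == 0 || subj->uid == t->uid ? 0 : EPERM);
}

int main(void)
{
    printf("jail 1 probing pid 200: errno %d\n", model_kill(&TABLE[0], 200));
    return 0;
}
```

In this model a jailed caller cannot tell "PID in use in another jail" from "PID unused": both probes return `ESRCH`, which is the application-visible effect the thread is arguing about.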