Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 4 Apr 2001 20:17:10 +1000 (EST)
From:      Bruce Evans <bde@zeta.org.au>
To:        Robert Watson <rwatson@FreeBSD.ORG>
Cc:        Matt Dillon <dillon@earth.backplane.com>, Alfred Perlstein <bright@wintelcom.net>, Brian Somers <brian@Awfulhak.org>, freebsd-arch@FreeBSD.ORG
Subject:   Re: Eliminate crget() from nfs kernel code?
Message-ID:  <Pine.BSF.4.21.0104042016440.39349-100000@besplex.bde.org>
In-Reply-To: <Pine.NEB.3.96L.1010403225735.7479E-100000@fledge.watson.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 3 Apr 2001, Robert Watson wrote:

> On Tue, 3 Apr 2001, Matt Dillon wrote:
> > :> Solaris has a ``kcred'' global - wrapped with a CRED() macro AFAIR.  
> > :> Maybe that'd be useful here ?
> > :
> > :Yes, it most likely would.
> 
> However, it still strikes me a bit as though this is a, ``Help, I need a
> credential, someone find a credential'' as opposed to a, ``What credential
> is the one we want to use here.'' My temptation here would be to try
> temporarily switching to using p->p_ucred for the time being, and as Matt
> indicated, watch closely for reports of any interoperability problems with
> other implementations.  Right now, the code selects to make the call using
> all available privilege: in a more contained environment, that might no
> longer be appropriate.  Particularly if the ucred contains MAC integrity

access() crdup()'s the p_ucred so that the privilege can be modified.
Would that help?

Bruce


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0104042016440.39349-100000>