From owner-freebsd-arch Wed Apr 4 3:18:32 2001 Delivered-To: freebsd-arch@freebsd.org Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by hub.freebsd.org (Postfix) with ESMTP id 1D77F37B724; Wed, 4 Apr 2001 03:18:29 -0700 (PDT) (envelope-from bde@zeta.org.au) Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102]) by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id UAA23032; Wed, 4 Apr 2001 20:18:24 +1000 Date: Wed, 4 Apr 2001 20:17:10 +1000 (EST) From: Bruce Evans X-Sender: bde@besplex.bde.org To: Robert Watson Cc: Matt Dillon , Alfred Perlstein , Brian Somers , freebsd-arch@FreeBSD.ORG Subject: Re: Eliminate crget() from nfs kernel code? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 3 Apr 2001, Robert Watson wrote: > On Tue, 3 Apr 2001, Matt Dillon wrote: > > :> Solaris has a ``kcred'' global - wrapped with a CRED() macro AFAIR. > > :> Maybe that'd be useful here ? > > : > > :Yes, it most likely would. > > However, it still strikes me a bit as though this is a, ``Help, I need a > credential, someone find a credential'' as opposed to a, ``What credential > is the one we want to use here.'' My temptation here would be to try > temporarily switching to using p->p_ucred for the time being, and as Matt > indicated, watch closely for reports of any interoperability problems with > other implementations. Right now, the code selects to make the call using > all available privilege: in a more contained environment, that might no > longer be appropriate. Particularly if the ucred contains MAC integrity access() crdup()'s the p_ucred so that the privilege can be modified. Would that help? Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message