From: Bruce Evans
Date: Tue, 6 Feb 2001 10:24:39 +1100 (EST)
To: Robert Watson
Cc: Nathan Gould, freebsd-arch@FreeBSD.ORG
Subject: Re: Tests for NULL p_ucred under p_cred -- are they needed?

On Mon, 5 Feb 2001, Robert Watson wrote:

> In any case, there seems to be some inconsistency. It would seem that
> either (a) it is an invariant that p_cred is non-NULL for all reachable
> processes via various process lists (except unused processes), (b) it's an
> invariant that p_cred is non-NULL between the end of fork1() and the
> beginning of exit(), and that p_cred is therefore always defined if you're
> acting on behalf of the process, but not necessarily if you're acting on
> the process.
>
> Clearly, (1) would make life easier, and mean we could remove a fair
> number of checks. However, it may be that (b) is the case, in which case
> the signal code might require fixing, or the invariants it depends on at
> least require documenting. This is relevant also as I overhaul the process
> access control routines, because I need to know if it's possible to have
> processes without credentials, and if so, what it means.

p_cred is actually non-NULL until the middle of wait1(), so we are at
least close to case (a), and processes "always" have credentials -- even
zombies have them.
Bruce