From owner-freebsd-arch  Wed Apr  4  8: 0: 7 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0A64D37B725; Wed,  4 Apr 2001 08:00:05 -0700 (PDT)
	(envelope-from bright@fw.wintelcom.net)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id f34Exx207071;
	Wed, 4 Apr 2001 07:59:59 -0700 (PDT)
Date: Wed, 4 Apr 2001 07:59:59 -0700
From: Alfred Perlstein <bright@wintelcom.net>
To: Bruce Evans <bde@zeta.org.au>
Cc: Robert Watson <rwatson@FreeBSD.ORG>,
	Matt Dillon <dillon@earth.backplane.com>,
	Brian Somers <brian@Awfulhak.org>, freebsd-arch@FreeBSD.ORG
Subject: Re: Eliminate crget() from nfs kernel code?
Message-ID: <20010404075959.S12164@fw.wintelcom.net>
References: <Pine.NEB.3.96L.1010403225735.7479E-100000@fledge.watson.org> <Pine.BSF.4.21.0104042016440.39349-100000@besplex.bde.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.21.0104042016440.39349-100000@besplex.bde.org>; from bde@zeta.org.au on Wed, Apr 04, 2001 at 08:17:10PM +1000
X-all-your-base: are belong to us.
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

* Bruce Evans <bde@zeta.org.au> [010404 03:18] wrote:
> On Tue, 3 Apr 2001, Robert Watson wrote:
> 
> > On Tue, 3 Apr 2001, Matt Dillon wrote:
> > > :> Solaris has a ``kcred'' global - wrapped with a CRED() macro AFAIR.  
> > > :> Maybe that'd be useful here ?
> > > :
> > > :Yes, it most likely would.
> > 
> > However, it still strikes me a bit as though this is a, ``Help, I need a
> > credential, someone find a credential'' as opposed to a, ``What credential
> > is the one we want to use here.'' My temptation here would be to try
> > temporarily switching to using p->p_ucred for the time being, and as Matt
> > indicated, watch closely for reports of any interoperability problems with
> > other implementations.  Right now, the code selects to make the call using
> > all available privilege: in a more contained environment, that might no
> > longer be appropriate.  Particularly if the ucred contains MAC integrity
> 
> access() crdup()'s the p_ucred so that the privilege can be modified.
> Would that help?

Yes, that's what no one else seems to get.  If you want to modify your
credential you must crdup() it first.  You can only modify a private
copy.

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
Represent yourself, show up at BABUG http://www.babug.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message