From owner-freebsd-arch@FreeBSD.ORG Wed Jun 24 14:23:24 2009 Return-Path: Delivered-To: arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 03E5D1065760; Wed, 24 Jun 2009 14:23:23 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id 458BD8FC24; Wed, 24 Jun 2009 14:23:23 +0000 (UTC) (envelope-from jhb@freebsd.org) Received: from bigwig.baldwin.cx (66.111.2.69.static.nyinternet.net [66.111.2.69]) by cyrus.watson.org (Postfix) with ESMTPSA id E856446B49; Wed, 24 Jun 2009 10:23:22 -0400 (EDT) Received: from jhbbsd.hudson-trading.com (unknown [209.249.190.8]) by bigwig.baldwin.cx (Postfix) with ESMTPA id DBEE28A089; Wed, 24 Jun 2009 10:23:21 -0400 (EDT) From: John Baldwin To: Alfred Perlstein Date: Wed, 24 Jun 2009 08:33:03 -0400 User-Agent: KMail/1.9.7 References: <200906231341.43104.jhb@freebsd.org> <200906231706.33465.jhb@freebsd.org> <20090623230501.GH84786@elvis.mu.org> In-Reply-To: <20090623230501.GH84786@elvis.mu.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200906240833.04028.jhb@freebsd.org> X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0.1 (bigwig.baldwin.cx); Wed, 24 Jun 2009 10:23:21 -0400 (EDT) X-Virus-Scanned: clamav-milter 0.95.1 at bigwig.baldwin.cx X-Virus-Status: Clean X-Spam-Status: No, score=-2.5 required=4.2 tests=AWL,BAYES_00,RDNS_NONE autolearn=no version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on bigwig.baldwin.cx Cc: Dag-Erling Sm??rgrav , arch@freebsd.org Subject: Re: [PATCH] SYSV IPC ABI rototill X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2009 14:23:25 -0000 On Tuesday 23 June 2009 7:05:01 pm Alfred Perlstein wrote: > * John Baldwin [090623 14:07] wrote: > > On Tuesday 23 June 2009 4:52:09 pm Dag-Erling Sm??rgrav wrote: > > > John Baldwin writes: > > > > There have been a several issues with the existing ABI of the SYSV IPC > > > > structures over the past several years and it has been on the todo list for > > > > at least both 7.0 and 8.0. Rather than putting it off until 9.0 I sat down > > > > and worked on it this week. > > > > > > Have you given any thought to virtualization, i.e. separate namespaces > > > for each jail? Will your patch make this any easier or harder to > > > implement? > > > > It likely has zero effect on that. The global variables one would need to > > virtualize are unchanged by this. > > John, would it make sense to check for overflow in ipcperm_new2old and return > some error so that callers get back some nasty error so that they don't make > a mistake about permissions when an overflow happens? > > A crash/error sounds better than silent truncating of credential information, > but I could be wrong. Hmm, well, the truncation is what we have been doing all along for any users who used UIDs > USHRT_MAX, so adding an error now would change the behavior for existing binaries. Also, the truncation does not affect the actual permission checks (those are all done in the kernel), merely the reporting of the associated IDs to userland. -- John Baldwin