Date:      Wed, 24 Jun 2009 08:32:36 -0700
From:      Alfred Perlstein <alfred@freebsd.org>
To:        John Baldwin <jhb@freebsd.org>
Cc:        Dag-Erling Smørgrav <des@des.no>, arch@freebsd.org
Subject:   Re: [PATCH] SYSV IPC ABI rototill
Message-ID:  <20090624153236.GN84786@elvis.mu.org>
In-Reply-To: <200906240833.04028.jhb@freebsd.org>
References:  <200906231341.43104.jhb@freebsd.org> <200906231706.33465.jhb@freebsd.org> <20090623230501.GH84786@elvis.mu.org> <200906240833.04028.jhb@freebsd.org>

* John Baldwin <jhb@freebsd.org> [090624 07:23] wrote:
> On Tuesday 23 June 2009 7:05:01 pm Alfred Perlstein wrote:
> > * John Baldwin <jhb@freebsd.org> [090623 14:07] wrote:
> > > On Tuesday 23 June 2009 4:52:09 pm Dag-Erling Smørgrav wrote:
> > > > John Baldwin <jhb@freebsd.org> writes:
> > > > > There have been several issues with the existing ABI of the SYSV IPC
> > > > > structures over the past several years and it has been on the todo list for 
> > > > > at least both 7.0 and 8.0.  Rather than putting it off until 9.0 I sat down 
> > > > > and worked on it this week.
> > > > 
> > > > Have you given any thought to virtualization, i.e. separate namespaces
> > > > for each jail?  Will your patch make this any easier or harder to
> > > > implement?
> > > 
> > > It likely has zero effect on that.  The global variables one would need to
> > > virtualize are unchanged by this.
> > 
> > John, would it make sense to check for overflow in ipcperm_new2old and return
> > some error so that callers get back some nasty error so that they don't make
> > a mistake about permissions when an overflow happens?
> > 
> > A crash/error sounds better than silent truncating of credential information,
> > but I could be wrong.
> 
> Hmm, well, the truncation is what we have been doing all along for any users
> who used UIDs > USHRT_MAX, so adding an error now would change the behavior
> for existing binaries.  Also, the truncation does not affect the actual
> permission checks (those are all done in the kernel), merely the reporting of
> the associated IDs to userland.

OK, thank you for explaining.

-- 
- Alfred Perlstein
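
Added example, not part of the original message or of the FreeBSD patch: a C sketch of the trade-off discussed in this thread, comparing a silently truncating 32-bit to 16-bit ID conversion with one that returns an error on overflow. The struct layouts, function names and sample IDs are hypothetical and constructed for illustration; they only mirror the idea of `ipcperm_new2old` and `USHRT_MAX` mentioned above.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layouts: 16-bit IDs in the old ABI, 32-bit IDs in the new one. */
struct perm_old { unsigned short uid, gid; };
struct perm_new { uint32_t uid, gid; };

/* Behaviour described in the thread: silently keep only the low 16 bits. */
static void perm_new2old_trunc(const struct perm_new *n, struct perm_old *o)
{
    o->uid = (unsigned short)n->uid;
    o->gid = (unsigned short)n->gid;
}

/* Alternative raised in the thread: refuse to report an ID that does not fit. */
static int perm_new2old_checked(const struct perm_new *n, struct perm_old *o)
{
    if (n->uid > USHRT_MAX || n->gid > USHRT_MAX)
        return EOVERFLOW;
    perm_new2old_trunc(n, o);
    return 0;
}

int main(void)
{
    /* Constructed sample IDs: one that fits, one that wraps to 0,
     * and one that wraps onto the first sample's UID. */
    struct perm_new samples[] = { {1001, 1001}, {65536, 65536}, {66537, 100} };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct perm_old reported = {0, 0}, scratch = {0, 0};
        int err;

        perm_new2old_trunc(&samples[i], &reported);
        err = perm_new2old_checked(&samples[i], &scratch);
        printf("uid %u -> reported as %u, checked conversion: %s\n",
               (unsigned)samples[i].uid, (unsigned)reported.uid,
               err == EOVERFLOW ? "EOVERFLOW" : "ok");
    }
    return 0;
}
```

With truncation, UID 65536 is reported to userland as 0 and UID 66537 as 1001, so a tool that trusts the old structure for ownership reporting can misattribute an object even though the kernel's own permission checks are unaffected.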


