Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 24 Jun 2009 08:33:03 -0400
From:      John Baldwin <jhb@freebsd.org>
To:        Alfred Perlstein <alfred@freebsd.org>
Cc:        Dag-Erling Sm??rgrav <des@des.no>, arch@freebsd.org
Subject:   Re: [PATCH] SYSV IPC ABI rototill
Message-ID:  <200906240833.04028.jhb@freebsd.org>
In-Reply-To: <20090623230501.GH84786@elvis.mu.org>
References:  <200906231341.43104.jhb@freebsd.org> <200906231706.33465.jhb@freebsd.org> <20090623230501.GH84786@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tuesday 23 June 2009 7:05:01 pm Alfred Perlstein wrote:
> * John Baldwin <jhb@freebsd.org> [090623 14:07] wrote:
> > On Tuesday 23 June 2009 4:52:09 pm Dag-Erling Sm??rgrav wrote:
> > > John Baldwin <jhb@freebsd.org> writes:
> > > > There have been a several issues with the existing ABI of the SYSV IPC 
> > > > structures over the past several years and it has been on the todo list for 
> > > > at least both 7.0 and 8.0.  Rather than putting it off until 9.0 I sat down 
> > > > and worked on it this week.
> > > 
> > > Have you given any thought to virtualization, i.e. separate namespaces
> > > for each jail?  Will your patch make this any easier or harder to
> > > implement?
> > 
> > It likely has zero effect on that.  The global variables one would need to
> > virtualize are unchanged by this.
> 
> John, would it make sense to check for overflow in ipcperm_new2old and return
> some error so that callers get back some nasty error so that they don't make
> a mistake about permissions when an overflow happens?
> 
> A crash/error sounds better than silent truncating of credential information,
> but I could be wrong.

Hmm, well, the truncation is what we have been doing all along for any users
who used UIDs > USHRT_MAX, so adding an error now would change the behavior
for existing binaries.  Also, the truncation does not affect the actual
permission checks (those are all done in the kernel), merely the reporting of
the associated IDs to userland.

-- 
John Baldwin

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906240833.04028.jhb>