Date: Fri, 2 Nov 2001 08:41:07 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_prot.c Message-ID: <200111021641.fA2Gf7d94698@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2001/11/02 08:41:07 PST
Modified files:
sys/kern kern_prot.c
Log:
o Add a comment to p_candebug() noting that the P_INEXEC check should
really be moved elsewhere: p_candebug() encapsulates the security
policy decision, whereas the P_INEXEC check has to do with "correctness"
regarding race conditions, rather than security policy.
Example: even if no security protections were enforced (the "uids are
advisory" model), removing P_INEXEC could result in incorrect operation
due to races on credential evaluation and modification during execve().
Obtained from: TrustedBSD Project
Revision Changes Path
1.119 +6 -1 src/sys/kern/kern_prot.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200111021641.fA2Gf7d94698>