Date: Wed, 4 Apr 2001 20:17:10 +1000 (EST) From: Bruce Evans <bde@zeta.org.au> To: Robert Watson <rwatson@FreeBSD.ORG> Cc: Matt Dillon <dillon@earth.backplane.com>, Alfred Perlstein <bright@wintelcom.net>, Brian Somers <brian@Awfulhak.org>, freebsd-arch@FreeBSD.ORG Subject: Re: Eliminate crget() from nfs kernel code? Message-ID: <Pine.BSF.4.21.0104042016440.39349-100000@besplex.bde.org> In-Reply-To: <Pine.NEB.3.96L.1010403225735.7479E-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 3 Apr 2001, Robert Watson wrote: > On Tue, 3 Apr 2001, Matt Dillon wrote: > > :> Solaris has a ``kcred'' global - wrapped with a CRED() macro AFAIR. > > :> Maybe that'd be useful here ? > > : > > :Yes, it most likely would. > > However, it still strikes me a bit as though this is a, ``Help, I need a > credential, someone find a credential'' as opposed to a, ``What credential > is the one we want to use here.'' My temptation here would be to try > temporarily switching to using p->p_ucred for the time being, and as Matt > indicated, watch closely for reports of any interoperability problems with > other implementations. Right now, the code selects to make the call using > all available privilege: in a more contained environment, that might no > longer be appropriate. Particularly if the ucred contains MAC integrity access() crdup()'s the p_ucred so that the privilege can be modified. Would that help? Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0104042016440.39349-100000>