Date: Wed, 4 Apr 2001 07:59:59 -0700 From: Alfred Perlstein <bright@wintelcom.net> To: Bruce Evans <bde@zeta.org.au> Cc: Robert Watson <rwatson@FreeBSD.ORG>, Matt Dillon <dillon@earth.backplane.com>, Brian Somers <brian@Awfulhak.org>, freebsd-arch@FreeBSD.ORG Subject: Re: Eliminate crget() from nfs kernel code? Message-ID: <20010404075959.S12164@fw.wintelcom.net> In-Reply-To: <Pine.BSF.4.21.0104042016440.39349-100000@besplex.bde.org>; from bde@zeta.org.au on Wed, Apr 04, 2001 at 08:17:10PM %2B1000 References: <Pine.NEB.3.96L.1010403225735.7479E-100000@fledge.watson.org> <Pine.BSF.4.21.0104042016440.39349-100000@besplex.bde.org>
next in thread | previous in thread | raw e-mail | index | archive | help
* Bruce Evans <bde@zeta.org.au> [010404 03:18] wrote: > On Tue, 3 Apr 2001, Robert Watson wrote: > > > On Tue, 3 Apr 2001, Matt Dillon wrote: > > > :> Solaris has a ``kcred'' global - wrapped with a CRED() macro AFAIR. > > > :> Maybe that'd be useful here ? > > > : > > > :Yes, it most likely would. > > > > However, it still strikes me a bit as though this is a, ``Help, I need a > > credential, someone find a credential'' as opposed to a, ``What credential > > is the one we want to use here.'' My temptation here would be to try > > temporarily switching to using p->p_ucred for the time being, and as Matt > > indicated, watch closely for reports of any interoperability problems with > > other implementations. Right now, the code selects to make the call using > > all available privilege: in a more contained environment, that might no > > longer be appropriate. Particularly if the ucred contains MAC integrity > > access() crdup()'s the p_ucred so that the privilege can be modified. > Would that help? Yes, that's what no one else seems to get. If you want to modify your credential you must crdup() it first. You can only modify a private copy. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] Represent yourself, show up at BABUG http://www.babug.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010404075959.S12164>