Re: CVS commit: src/sys

To: Alistair Crooks <agc%pkgsrc.org@localhost>
Subject: Re: CVS commit: src/sys
From: Thor Lancelot Simon <tls%rek.tjls.com@localhost>
Date: Sat, 23 Jun 2007 14:05:44 -0400

On Sat, Jun 23, 2007 at 06:37:20PM +0100, Alistair Crooks wrote:
> 
> As a software developer, my answer to your question would be "no - if
> the complete abstraction has been violated, then it will be harder to
> build models on top of kauth". Has the complete abstraction been violated,
> or just a part of it? Where is the documentation dealing with the
> abstractions, the ways it fits into other kernel code, and the direction
> forward for kauth?

The documentation is poor, but I think the design principle that's been
violated here is pretty obvious: don't expose kauth internals or security
model internals to other code in the kernel, because they will inevitably
abuse it.  Authentication data should only *ever* be handled via accessors.

We had that (albeit not in an ideally documented state) and changes like
the current one break it.  We should find a way to gain the performance
advantage of the current change without exposing knobs code outside kauth
has no business turning.

Thor

Follow-Ups:
- Re: CVS commit: src/sys
  - From: Elad Efrat

References:
- CVS commit: src/sys
  - From: David Laight
- Re: CVS commit: src/sys
  - From: Elad Efrat
- Re: CVS commit: src/sys
  - From: Alistair Crooks
- Re: CVS commit: src/sys
  - From: Elad Efrat
- Re: CVS commit: src/sys
  - From: Alistair Crooks

Prev by Date: CVS commit: [vmlocking] src/sys
Next by Date: CVS commit: [vmlocking] src/sys/kern
Previous by Thread: Re: CVS commit: src/sys
Next by Thread: Re: CVS commit: src/sys
Indexes:

Home | Main Index | Thread Index | Old Index