Subject: Re: CVS commit: [elad-kernelauth] src/sys
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <elad@NetBSD.org>
List: source-changes
Date: 03/08/2006 18:12:15

YAMAMOTO Takashi wrote:

> because it's used often enough and easier to read?

No. It is not used often. In fact, in the *elad-kernelauth* branch
it is not used *at all*.

The whole idea is to, with time, change these KAUTH_GENERIC_ISSUSER
to something else -- think capabilities, etc., and moving away from
the "all or nothing" that has proved to be the weakest security
model ever designed, IMO.

Is it possible that you hold off on this type of comment until more
of what I have in mind becomes actual code? What you are looking at
is the subsystem backend that was written a while ago and a weekend's
work of making the kernel conform to the new KPI.

> its name doesn't imply anything about its usage.
> generally, exporting more symbols is a bad idea, esp. when
> its name is too generic like this.
> 
> i think it's better to make it static and
> move process_authorize to kern_auth.c.
> 
> also, for the same reason, function names in the TN
> (kauth_authorize_process/kauth_authorize_generic) are better
> than what you chose, IMO.

You are right -- for some reason I had vnode_authorize() in mind and I
do see it's the only wrapper called that way. I'll make the wrappers
for the generic/process scopes called kauth_authorize_{generic,process}.

-e.

-- 
Elad Efrat