Subject: CVS commit: src/sys/kern
To: None <source-changes@NetBSD.org>
From: Elad Efrat <elad@netbsd.org>
List: source-changes
Date: 09/15/2006 14:28:04
Module Name: src
Committed By: elad
Date: Fri Sep 15 14:28:04 UTC 2006
Modified Files:
src/sys/kern: kern_auth.c
Log Message:
Introduce a new flag we mark as TRUE when we load listeners, and change
the logic in kauth_authorize_action() to use it.
When we try to authorize a request and the flag is FALSE, it means a
kernel was compiled with no listeners (or we're in very early boot stages),
and we always allow the request because it's likely to be coming from the
kernel itself or from loading an LKM with the security model (later on).
Assert that if the "listeners have been loaded" flag is FALSE, there are
really no listeners for the scope we're authorizing on.
When the flag is TRUE (i.e., listeners have been loaded) but they were
later removed, creating a scope with no listeners, the request will be
denied further down.
This allows us to have the security model compiled outside the NetBSD
kernel and later loaded as an LKM, without fearing an attack will just
remove listeners we loaded earlier to create a "fail open" situation.
Input from yamt@, thorpej@, gdt@, dan@.
Okay yamt@, thorpej@.
To generate a diff of this commit:
cvs rdiff -r1.21 -r1.22 src/sys/kern/kern_auth.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
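The fail-open versus fail-closed distinction the log message describes can be shown in a small model. The following C program is an added illustration and is not code from NetBSD's kern_auth.c or from this commit; the names (listeners_loaded, scope, authorize_action, the listener signature and the two-state result) are simplifications chosen for the example, not kauth(9) identifiers. It models the three states the message lists: no listeners ever loaded (allow, with an assertion that the scope really is empty), listeners loaded (consult them), and listeners loaded then removed (deny, so an attacker who unloads the security model does not get a "fail open" kernel).

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical model of the commit's logic; not the kauth(9) API. */
#define MAX_LISTENERS 4

enum result { RESULT_ALLOW = 0, RESULT_DENY = 1 };

typedef enum result (*listener_fn)(const char *action);

struct scope {
    const char *name;
    listener_fn listeners[MAX_LISTENERS];
    size_t nlisteners;
};

/* Set to true the first time any listener is registered; never cleared. */
static bool listeners_loaded = false;

static void model_reset(void) { listeners_loaded = false; }

static void scope_init(struct scope *s, const char *name)
{
    memset(s, 0, sizeof(*s));
    s->name = name;
}

static bool scope_add_listener(struct scope *s, listener_fn fn)
{
    if (s->nlisteners >= MAX_LISTENERS)
        return false;
    s->listeners[s->nlisteners++] = fn;
    listeners_loaded = true;   /* the flag the commit introduces */
    return true;
}

static void scope_remove_listener(struct scope *s, listener_fn fn)
{
    for (size_t i = 0; i < s->nlisteners; i++) {
        if (s->listeners[i] == fn) {
            s->listeners[i] = s->listeners[s->nlisteners - 1];
            s->nlisteners--;
            return;            /* note: listeners_loaded stays true */
        }
    }
}

static enum result authorize_action(const struct scope *s, const char *action)
{
    if (!listeners_loaded) {
        /* No security model was ever loaded (early boot or a kernel built
         * without listeners): the request is assumed to come from the
         * kernel itself, so allow it, but insist the scope is really empty. */
        assert(s->nlisteners == 0);
        return RESULT_ALLOW;
    }
    if (s->nlisteners == 0) {
        /* Listeners were loaded earlier and have since been removed:
         * fail closed rather than fall back to the "allow" path above. */
        return RESULT_DENY;
    }
    /* Simplified policy for the model: any DENY wins, otherwise allow. */
    for (size_t i = 0; i < s->nlisteners; i++) {
        if (s->listeners[i](action) == RESULT_DENY)
            return RESULT_DENY;
    }
    return RESULT_ALLOW;
}

/* Example listener: forbids "write", allows everything else. */
static enum result deny_write_listener(const char *action)
{
    return strcmp(action, "write") == 0 ? RESULT_DENY : RESULT_ALLOW;
}

int main(void)
{
    struct scope s;
    model_reset();
    scope_init(&s, "process");
    printf("before load, read:  %d\n", authorize_action(&s, "read"));
    scope_add_listener(&s, deny_write_listener);
    printf("loaded, write:      %d\n", authorize_action(&s, "write"));
    printf("loaded, read:       %d\n", authorize_action(&s, "read"));
    scope_remove_listener(&s, deny_write_listener);
    printf("removed, read:      %d\n", authorize_action(&s, "read"));
    return 0;
}
```

The decisive line is the one in scope_remove_listener that leaves listeners_loaded set: unloading the model moves the scope into the "loaded but empty" state, which authorize_action treats as a deny, instead of back into the pre-load state where every request is granted.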