tech-net archive


Re: Removing inpcbpolicy::priv



In article <4A035F69.8030808%NetBSD.org@localhost>, Elad Efrat  
<elad%NetBSD.org@localhost> wrote:
>Hi,
>
>It looks like inpcbpolicy::priv is redundant.
>
>The PCB is always attached to a socket, and therefore we can use the uid
>stored in uidinfo for permissions check. In fact, the priv member is set
>by checking the uid from uidinfo.
>
>The other case the priv member is used is in ipsec_copy_pcbpolicy(),
>when copying a policy, called from syn_cache_get(). There, too, it seems
>it's redundant, as sonewconn() is called to create a new socket, which
>keeps the uidinfo.
>
>Therefore, I suggest the trivial diff attached -- please review.
>

But checking uid == 0 is not the kauth way...

christos


