tech-net archive
Re: Removing inpcbpolicy::priv
In article <4A035F69.8030808%NetBSD.org@localhost>, Elad Efrat
<elad%NetBSD.org@localhost> wrote:
>Hi,
>
>It looks like inpcbpolicy::priv is redundant.
>
>The PCB is always attached to a socket, and therefore we can use the uid
>stored in uidinfo for permissions check. In fact, the priv member is set
>by checking the uid from uidinfo.
>
>The other case the priv member is used is in ipsec_copy_pcbpolicy(),
>when copying a policy, called from syn_cache_get(). There, too, it seems
>it's redundant, as sonewconn() is called to create a new socket, which
>keeps the uidinfo.
>
>Therefore, I suggest the trivial diff attached -- please review.
>
But checking uid == 0 is not the kauth way...
christos