Subject: Re: Integrating securelevel and kauth(9)
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-security
Date: 03/26/2006 04:40:33
> > i meant, eg. you can write an listener like the following and
> > register it to KAUTH_SCOPE_PROCESS scope, to replace securelevel checks
> > in sys_ptrace() and process_checkioperm().
> >
> > int
> > securelevel_process_listener_callback(....)
> > {
> > switch () {
> > case KAUTH_PROCESS_CANPTRACE:
> > case KAUTH_PROCESS_CANIO:
> > if (p == initproc && securelevel > -1) {
> > return KAUTH_RESULT_DENY;
> > }
> > }
> > return KAUTH_RESULT_DEFER;
> > }
>
> But you lose the ability to set custom knobs, as was already previously
> discussed... (because you have only one securelevel variable, and not
> where to store indication on which knobs are raised or not)
sorry, i think i missed the previous discussion.
can you give me a pointer to it? was it in this thread?
i'm not sure what's "custom knobs".
> Another consideration is that the number of listeners can directly
> affect the performance of an authorization request for a given scope.
> That said, we might want to add the "KAUTH_PROCESS_CANIO", for example,
> to the default listener for the process scope, instead of creating a new
> listener for securelevel-related operations.
maybe.
because coalescing listeners is merely an optimization,
it's better to postpone it until we measure performance impacts, i guess.
> > for the case of "filter rule modification", you can write another listener for
> > the scope which covers the operation.
> > yes, you need to create an appropriate scope, i think.
>
> Yes, a network scope.. and, as a side-note, I'm pretty sure we could use
> kauth(9) to do what pfil(9) is doing now, but this is a rather critical
> part that'll have to go under some serious performance tests if we ever
> think in that direction. :)
i'm pretty sure it's an abuse of the interface. :)
YAMAMOTO Takashi