Subject: Re: CVS commit: src/sys
To: Jachym Holecek <freza@NetBSD.org>
From: Elad Efrat <e@murder.org>
List: tech-security
Date: 06/23/2007 20:11:18
Jachym Holecek wrote:
> [Stripping CC somewhat]
adding cc back. this is very relevant to all lists, and potentially
current-users@ and netbsd-users@ as well, as this damages a framework
in -current and future releases if it stays in the tree.
>
> # Elad Efrat 2007-06-23:
>> while the changes to get/setgroups syscall internals and compat calls
>> will not change the user experience in any way, breaking kauth's opacity
>> has direct and immediate implications in the form of not allowing much
>> flexibility when implementing new security models that expand beyond
>> what is currently allowed by bsd44.
>
> Could you provide some specific examples of what was possible before
> but will be impossible because of David's change?
>
>> additionally, it is well worth pointing out that the benefit you
>> introduced is orthogonal to breaking the interface's opacity, and could
>> have been introduced either way.
>
> I don't quite see how opacity gets harmed -- the group list was a flat
> array before and it's still a flat array now...
you're now getting a pointer to an internal buffer where you can change
it directly without going through the interface.
and again, my frustration is not only with random developers breaking
critical kernel interfaces for stupid reasons with implications beyond
their understanding, but the process in which this breakage is
introduced: zero discussion.
fwiw, when I integrated kauth, I had to modify some hp-ux compat code.
at the time it was clear the hp-ux compat code was unmaintained, dead, and
probably not even used by anyone. furthermore: some developers suggested
nuking it altogether. still, I went through hoops to get my changes
approved by at least two people.
you can't say any of the above about kauth. what's your justification
for not discussing these changes?
-e.
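The opacity point the message turns on (an accessor that hands back a pointer into the credential's own group array lets callers mutate it without going through the interface, so whatever the interface enforces is silently bypassed) can be shown with a small model. This is an added example, not NetBSD code and not kauth's real API: the `cred_*` names, the `generation` counter and the `CRED_NGROUPS_MAX` limit are hypothetical stand-ins for the kind of bookkeeping a security model might hang on the set path.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical limit and gid type; not NetBSD's NGROUPS or gid_t. */
#define CRED_NGROUPS_MAX 16
typedef uint32_t cred_gid_t;

/* Credential record. Everything outside this file is meant to hold only a
 * cred_t handle and go through the accessors below. */
struct cred {
    cred_gid_t groups[CRED_NGROUPS_MAX];
    size_t     ngroups;
    uint64_t   generation;   /* bumped on every change made via the interface */
};
typedef struct cred *cred_t;

static struct cred cred_storage;   /* one static record; a kernel would allocate per process */

cred_t cred_alloc(void)
{
    memset(&cred_storage, 0, sizeof cred_storage);
    return &cred_storage;
}

/* Interface path: validates, copies the list in, records that a change happened.
 * A security model can key cached decisions on the generation counter. */
int cred_setgroups(cred_t c, const cred_gid_t *g, size_t n)
{
    if (n > CRED_NGROUPS_MAX)
        return -1;                      /* EINVAL-style rejection */
    memcpy(c->groups, g, n * sizeof *g);
    c->ngroups = n;
    c->generation++;
    return 0;
}

/* Interface path: copies out; the caller never sees the internal buffer. */
size_t cred_getgroups(const cred_t c, cred_gid_t *out, size_t max)
{
    size_t n = c->ngroups < max ? c->ngroups : max;
    memcpy(out, c->groups, n * sizeof *out);
    return n;
}

uint64_t cred_generation(const cred_t c)
{
    return c->generation;
}

/* The kind of accessor the message objects to: it exposes the internal array,
 * so writes through it skip the validation and bookkeeping above. */
cred_gid_t *cred_groups_raw(cred_t c)
{
    return c->groups;
}

/* Returns true when a write through the raw pointer changes what the
 * interface reports back while leaving its change counter untouched. */
bool raw_write_bypasses_interface(void)
{
    cred_t c = cred_alloc();
    cred_gid_t g[2] = { 100, 200 };     /* constructed sample group list */
    cred_gid_t out[CRED_NGROUPS_MAX];

    if (cred_setgroups(c, g, 2) != 0)
        return false;
    uint64_t before = cred_generation(c);

    cred_groups_raw(c)[0] = 7;          /* overwrite behind the interface's back */

    size_t n = cred_getgroups(c, out, CRED_NGROUPS_MAX);
    return n == 2 && out[0] == 7 && cred_generation(c) == before;
}

/* Returns true when the interface path does what the raw path skipped:
 * rejects an oversize list and counts the accepted change. */
bool interface_path_enforces(void)
{
    cred_t c = cred_alloc();
    cred_gid_t big[CRED_NGROUPS_MAX + 1] = { 0 };
    cred_gid_t ok[1] = { 100 };

    if (cred_setgroups(c, big, CRED_NGROUPS_MAX + 1) != -1)
        return false;
    if (cred_setgroups(c, ok, 1) != 0)
        return false;
    return cred_generation(c) == 1;
}

int main(void)
{
    printf("raw pointer bypasses interface: %s\n",
           raw_write_bypasses_interface() ? "yes" : "no");
    printf("interface path enforces:        %s\n",
           interface_path_enforces() ? "yes" : "no");
    return 0;
}
```

The generation counter stands in for any policy the set path might carry; the point is that once a raw pointer is handed out, none of that policy is guaranteed to run, which is why an opaque handle plus copy-in/copy-out accessors is the shape that keeps room for security models beyond bsd44.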