tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
kauth and socket calls (esp. bind())
According to kauth(9):
Listeners might sleep, so no locks can be held when calling
an authorization wrapper.
According to uipc_socket.c:sobind():
solock(so);
error = (*so->so_proto->pr_usrreq)(so, PRU_BIND, NULL, nam,
NULL, l);
sounlock(so);
According to in_pcb.c:in_pcbbind():
kauth_authorize_network(cred, KAUTH_NETWORK_BIND,
KAUTH_REQ_NETWORK_BIND_PRIVPORT, so,
sin, NULL)
Um. Is it the documentation or the code which should be corrected?
I'm not sure I grasp how things like the filesystem or device scopes could
even really work if you can't make kauth calls with locks held.
--
Thor Lancelot Simon
tls%rek.tjls.com@localhost
"All of my opinions are consistent, but I cannot present them all
at once." -Jean-Jacques Rousseau, On The Social Contract
Home |
Main Index |
Thread Index |
Old Index