tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

kauth and socket calls (esp. bind())



According to kauth(9):

             Listeners might sleep, so no locks can be held when calling
             an authorization wrapper.

According to uipc_socket.c:sobind():

             solock(so);
             error = (*so->so_proto->pr_usrreq)(so, PRU_BIND, NULL, nam,
                      NULL, l);
             sounlock(so);

According to in_pcb.c:in_pcbbind():

             kauth_authorize_network(cred, KAUTH_NETWORK_BIND,
                                     KAUTH_REQ_NETWORK_BIND_PRIVPORT, so,
                                     sin, NULL)

Um.  Is it the documentation or the code which should be corrected?

I'm not sure I grasp how things like the filesystem or device scopes could
even really work if you can't make kauth calls with locks held.

-- 
Thor Lancelot Simon                                    
tls%rek.tjls.com@localhost
  "All of my opinions are consistent, but I cannot present them all
   at once."    -Jean-Jacques Rousseau, On The Social Contract


Home | Main Index | Thread Index | Old Index