tech-security archive


Re: kauth and socket calls (esp. bind())



Thor Lancelot Simon wrote:
> According to kauth(9):
>
>              Listeners might sleep, so no locks can be held when calling
>              an authorization wrapper.
>
> According to uipc_socket.c:sobind():
>
>              solock(so);
>              error = (*so->so_proto->pr_usrreq)(so, PRU_BIND, NULL, nam,
>                       NULL, l);
>              sounlock(so);
>
> According to in_pcb.c:in_pcbbind():
>
>              kauth_authorize_network(cred, KAUTH_NETWORK_BIND,
>                                      KAUTH_REQ_NETWORK_BIND_PRIVPORT, so,
>                                      sin, NULL)
>
> Um.  Is it the documentation or the code which should be corrected?

The idea is to encourage developers to structure code so that kauth(9)
calls are made with ideally no locks etc. held, but like the man-page
states, kauth(9) is under development.

> I'm not sure I grasp how things like the filesystem or device scopes could
> even really work if you can't make kauth calls with locks held.

Which is why kauth(9) isn't yet fully integrated. (See e.g. tmpfs code
as the only file-system using kauth(9)) Perhaps you can step up to the
plate and address those issues.

-e.
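
A userland model of the constraint discussed in this message, added here as an illustration; it is not NetBSD code and does not come from either poster. All names (`msock`, `m_solock`, `m_authorize_bind`, `violations` and the two bind functions) are hypothetical, and the privileged-port rule is a simplified stand-in for a real listener's decision.

```c
#include <errno.h>
#include <stdbool.h>

/* Hypothetical userland model; none of these names exist in NetBSD. */
struct msock { int locks_held; int bound_port; };

static int violations;  /* times the authorizer ran while a lock was held */

static void m_solock(struct msock *so)   { so->locks_held++; }
static void m_sounlock(struct msock *so) { so->locks_held--; }

/* Stand-in for an authorization wrapper whose listeners might sleep. */
static int m_authorize_bind(const struct msock *so, bool privileged, int port)
{
    if (so->locks_held > 0)
        violations++;   /* a kernel would assert sleepability at this point */
    return (port < 1024 && !privileged) ? EACCES : 0;
}

/* Shape quoted in the thread: the check runs under the socket lock. */
static int bind_auth_under_lock(struct msock *so, bool priv, int port)
{
    int error;

    m_solock(so);
    error = m_authorize_bind(so, priv, port);
    if (error == 0)
        so->bound_port = port;
    m_sounlock(so);
    return error;
}

/*
 * Restructured: authorize first, lock only to mutate. This is safe in the
 * model because the decision depends on caller-supplied values alone; a
 * check that reads lock-protected state would need revalidation under lock.
 */
static int bind_auth_before_lock(struct msock *so, bool priv, int port)
{
    int error = m_authorize_bind(so, priv, port);

    if (error != 0)
        return error;
    m_solock(so);
    so->bound_port = port;
    m_sounlock(so);
    return 0;
}
```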


