Re: NKE: priv and non-priv access
- Subject: Re: NKE: priv and non-priv access
- From: Terry Lambert <email@hidden>
- Date: Fri, 28 Oct 2005 19:01:59 -0700

On Oct 28, 2005, at 5:28 PM, Arno Hautala wrote:

> Excellent, thanks for the tips.
>
> Is either method "better" or "more secure"? I'd expect different
> people to have preferences, but are there any notable pros/cons for
> these?
>
> Without having actually started either method it seems like the
> second would be the simpler implementation.
>
> 1) Register two kernel controls, one that requires root and one
> that doesn't.
> 2) Check for root before performing an operation that requires root.

IMO, registering twice is better.

If you use proc_suser() directly like this, it will potentially not
operate correctly for proxy operations (operations performed by a
kernel thread/process on behalf of another process), if you ever want
to support those.

We may also provide a finer granularity mechanism for privilege
separation in the future. If that happens, then using the "register
twice" method will get you integration for free, whereas using the
root user check will leave you requiring escalated privileges for
your application, which could maybe be made safer.

As a general note, almost the only places in the kernel, at least as
supplied by us, that directly use the proc_suser() API are networking
related at this point. I expect they will be rolled over to kauth at
some point in the future.

-- Terry
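
A user-space C model of the "register twice" option recommended above, added here as an illustration; it is not code from the thread or from the Darwin sources. The control names, operation codes and `struct ctl_reg` are constructed stand-ins, and the model assumes the privileged flag is enforced once, when a client connects to the control.

```c
/* User-space model of the "register twice" design. The types and functions
 * here are simplified stand-ins, not the kernel's sys/kern_control.h. */
#include <errno.h>
#include <string.h>

#define CTL_FLAG_PRIVILEGED 0x1 /* named after the kernel control flag */
#define OP_GET_STATS 1          /* hypothetical unprivileged operation */
#define OP_SET_RULE  2          /* hypothetical privileged operation */

struct ctl_reg {                /* stand-in for struct kern_ctl_reg */
    const char *name;
    unsigned flags;
    int (*setopt)(int op);
};

static int rule_set, stats_read; /* counters so the effect is observable */

/* Handlers hold no credential checks: reaching one means the connect-time
 * gate already admitted the caller to that control. */
static int priv_setopt(int op) {
    if (op == OP_SET_RULE) { rule_set++; return 0; }
    return ENOTSUP;
}
static int user_setopt(int op) {
    if (op == OP_GET_STATS) { stats_read++; return 0; }
    return ENOTSUP;             /* OP_SET_RULE is not offered here at all */
}

static struct ctl_reg controls[] = {  /* constructed control names */
    { "com.example.nke.priv", CTL_FLAG_PRIVILEGED, priv_setopt },
    { "com.example.nke.user", 0, user_setopt },
};

/* One request end to end: find the control, apply the connect-time
 * privilege gate (the single place privilege is evaluated), then dispatch. */
int request(const char *name, int is_priv, int op) {
    for (size_t i = 0; i < sizeof controls / sizeof controls[0]; i++) {
        if (strcmp(controls[i].name, name) != 0) continue;
        if ((controls[i].flags & CTL_FLAG_PRIVILEGED) && !is_priv) return EPERM;
        return controls[i].setopt(op);
    }
    return ENOENT;
}

int main(void) {
    /* An unprivileged caller must be refused on the privileged control. */
    return request("com.example.nke.priv", 0, OP_SET_RULE) == EPERM ? 0 : 1;
}
```

Because the handlers never inspect credentials, replacing the gate with a finer-grained policy would leave them unchanged in this model.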