Re: Kext suspension question
- Subject: Re: Kext suspension question
- From: Terry Lambert <email@hidden>
- Date: Fri, 5 Jan 2007 20:02:28 -0800
On Jan 5, 2007, at 7:02 PM, Greg wrote:

> Hi, I'm writing a kext that uses the kauth facilities and was
> wondering whether it is possible to wait for user input from a
> userland application connected to the kext through an IOUserClient
> object in the middle of making the decision of whether or not a file
> system operation will be allowed. Essentially I would like to send
> a notification to the user in my kauth_listener function, wait for
> their decision, and then decide based on that whether to allow or
> disallow the file system operation in question. I haven't worked in
> the kernel before and am worried that this behavior may cause the
> entire system to hang.

It will likely cause the system to hang, if you are asking for
authentication on every authorization request, rather than e.g. on a
specific file. Even then, it's mostly not a good idea.

In general, if your user space client application ends up making any
FS calls, it will end up blocked behind itself authorizing itself to
make those calls (e.g. if it needs to access a password file, or needs
to open a resource file to display a localized string in a dialog, and
so on).

A good model to follow in this regard is the ssh-agent model. In that
model, the ssh-agent will turn around authorization requests
immediately, and if you want a session authorized to it, then you use
ssh-add. This divorces the user input for granting of authorization
from the daemon that turns around the requests (all requests are
denied unless you are authorized).

This works best if the application itself knows about authorization
(i.e. if ssh-agent is not running, or if you have not authorized
yourself to it via ssh-add, it'll ask you for the password instead
when it can't get it from the agent).

-- Terry
Darwin-kernel mailing list (email@hidden)
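
The ssh-agent model from the reply above, as an added user-space C sketch (not code from the post or from the kauth sources): the decision path answers at once from state already in memory and denies by default, while granting happens in a separate call made outside any request. The session ids, the function names and the denial-note buffer are assumptions made for illustration, and the model is single-threaded, so the locking a real listener would need is left out.

```c
/* User-space model of the pattern; no name here is a kauth or IOKit API. */
#include <stdbool.h>
#include <stddef.h>

enum decision { DENY, ALLOW };
#define SLOTS 8

static unsigned grants[SLOTS], notes[SLOTS]; /* authorized sessions; denial notes */
static size_t n_grants, n_notes;

static bool in_set(const unsigned *set, size_t n, unsigned id) {
    for (size_t i = 0; i < n; i++)
        if (set[i] == id) return true;
    return false;
}

/* Listener side: answer from state already in memory and return at once.
 * Never waits for the user. Unknown sessions are denied by default and noted
 * once for the agent; when the note buffer is full the note is dropped. */
enum decision decide(unsigned session) {
    if (in_set(grants, n_grants, session)) return ALLOW;
    if (n_notes < SLOTS && !in_set(notes, n_notes, session))
        notes[n_notes++] = session;
    return DENY;
}

/* The "ssh-add" step: the user authorizes a session outside any request. */
bool grant_session(unsigned session) {
    if (in_set(grants, n_grants, session)) return true;
    if (n_grants == SLOTS) return false;
    grants[n_grants++] = session;
    return true;
}

/* Agent side: collect denial notes whenever it is ready to show them. */
size_t drain_notes(unsigned *out, size_t cap) {
    size_t n = n_notes < cap ? n_notes : cap;
    for (size_t i = 0; i < n; i++) out[i] = notes[i];
    for (size_t i = n; i < n_notes; i++) notes[i - n] = notes[i];
    n_notes -= n;
    return n;
}

int main(void) {
    bool before = decide(501) == ALLOW;   /* constructed session id */
    grant_session(501);
    return (!before && decide(501) == ALLOW) ? 0 : 1;
}
```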