[PATCH] SYSV IPC ABI rototill

John Baldwin jhb at freebsd.org
Wed Jun 24 14:23:25 UTC 2009


On Tuesday 23 June 2009 7:05:01 pm Alfred Perlstein wrote:
> * John Baldwin <jhb at freebsd.org> [090623 14:07] wrote:
> > On Tuesday 23 June 2009 4:52:09 pm Dag-Erling Smørgrav wrote:
> > > John Baldwin <jhb at freebsd.org> writes:
> > > > There have been several issues with the existing ABI of the SYSV IPC 
> > > > structures over the past several years and it has been on the todo list for 
> > > > at least both 7.0 and 8.0.  Rather than putting it off until 9.0 I sat down 
> > > > and worked on it this week.
> > > 
> > > Have you given any thought to virtualization, i.e. separate namespaces
> > > for each jail?  Will your patch make this any easier or harder to
> > > implement?
> > 
> > It likely has zero effect on that.  The global variables one would need to
> > virtualize are unchanged by this.
> 
> John, would it make sense to check for overflow in ipcperm_new2old and return
> some error so that callers get back some nasty error so that they don't make
> a mistake about permissions when an overflow happens?
> 
> A crash/error sounds better than silent truncating of credential information,
> but I could be wrong.

Hmm, well, the truncation is what we have been doing all along for any users
who used UIDs > USHRT_MAX, so adding an error now would change the behavior
for existing binaries.  Also, the truncation does not affect the actual
permission checks (those are all done in the kernel), merely the reporting of
the associated IDs to userland.

-- 
John Baldwin
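
Added example, not part of the original message or of the patch: a minimal C sketch of the two behaviours discussed above, silent narrowing of IDs into 16-bit fields versus returning an error on overflow. The struct layouts and the demo_* names are hypothetical simplifications, not FreeBSD's definitions or the real ipcperm_new2old.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified layouts (not FreeBSD's): only the ID fields. */
struct demo_perm_new { uint32_t cuid, cgid, uid, gid; };
struct demo_perm_old { unsigned short cuid, cgid, uid, gid; };

/* Silent narrowing, as the reply describes: the high bits are dropped.
 * Only the IDs reported to userland change; nothing is checked here. */
static void demo_new2old_truncate(const struct demo_perm_new *n,
    struct demo_perm_old *o)
{
    o->cuid = (unsigned short)n->cuid;
    o->cgid = (unsigned short)n->cgid;
    o->uid = (unsigned short)n->uid;
    o->gid = (unsigned short)n->gid;
}

/* Variant raised in the quoted question: refuse IDs that would not fit. */
static int demo_new2old_checked(const struct demo_perm_new *n,
    struct demo_perm_old *o)
{
    if (n->cuid > USHRT_MAX || n->cgid > USHRT_MAX ||
        n->uid > USHRT_MAX || n->gid > USHRT_MAX)
        return EOVERFLOW;
    demo_new2old_truncate(n, o);
    return 0;
}

int main(void)
{
    /* Constructed sample: two IDs just past USHRT_MAX. */
    struct demo_perm_new n = { (uint32_t)USHRT_MAX + 1, 100,
                               (uint32_t)USHRT_MAX + 2, 100 };
    struct demo_perm_old o;

    demo_new2old_truncate(&n, &o);
    printf("truncate: cuid %u -> %u, uid %u -> %u\n",
        (unsigned)n.cuid, (unsigned)o.cuid, (unsigned)n.uid, (unsigned)o.uid);
    printf("checked:  %s\n",
        demo_new2old_checked(&n, &o) == EOVERFLOW ? "EOVERFLOW" : "ok");
    return 0;
}
```

With the narrowing variant, an ID one past USHRT_MAX is reported as 0, so userland tools that display or compare the legacy fields should not treat them as authoritative for large IDs.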


More information about the freebsd-arch mailing list