On Fri, Mar 12, 2010 at 12:01:57PM -0800, Michael Hunter wrote:
> On Fri, 12 Mar 2010 11:42:27 -0800
> Renee Danson Sommerfeld <renee.sommerfeld at sun.com> wrote:
>
> [...]
> > Your solution, which I think is reasonable, is to remove the escalate
> > privs function and just make that part of the to_root() function, and
> > add a bit of clarification to the comment in nwamd_plumb_interface().
>
> Pretty much. New (untested) webrev in same place.

This is mostly what we talked about. But the change in main.c (where nwamd_to_root() is immediately followed by nwamd_from_root(), instead of the call to drop privs) is pretty gross. Could we somehow have an initialization thing early, that sets the refcounts appropriately, and then just do the nwamd_from_root() here?

And looking at this here, I'm a little unhappy with the function names. These functions do more than change the uid; the current names are a bit misleading. Maybe nwamd_escalate() and nwamd_drop()? Or something more along those lines?

-renee
