On Fri, Mar 12, 2010 at 02:56:53PM -0800, Michael Hunter wrote:
> On Fri, 12 Mar 2010 13:56:15 -0800
> Michael Hunter <michael.hunter at sun.com> wrote:
>
> > [...]
> > maybe nwamd_escalate()/nwamd_deescalate() are the best. They leave the
> > what unspecified so the question is avoided.
>
> New webrev (untested) available. It's building at the moment. My sparc
> build machine seems to be on performance strike so that will take a
> while. I think it was flattened by a Friday three martini lunch. But
> I will test the x86 build soon.

Sounds good. I looked at the webrev, and I like the changes you've made.

But (please don't kill me) I noticed something else. nwam_deescalate
sets the inheritable, permitted, and effective priv sets. But
nwam_escalate only sets the effective set (as that's all we care about
for escalating purposes). So we're doing two unneeded setppriv() calls
every time we de-escalate.

As this is not a regression (the old nwamd_from_root() did the same
thing indirectly when it called nwamd_drop_unneeded_privs()), I'm okay
with just making sure this is noted as needed clean-up, could be part of
the fine-grained privs work you mentioned.

-renee
