Re: CVS commit: src/sys/kern

2016-12-28 Thread David Holland
On Wed, Dec 28, 2016 at 07:32:05PM +, Taylor R Campbell wrote: > It's true that moving the kauth call expanded the attack surface a > little bit. Now we have to worry about: When I saw the original commit I wondered it if it was an information leak. Maybe it's not, but that's certainly a

re: CVS commit: src/sys/kern

2016-12-28 Thread matthew green
co...@sdf.org writes: > On Wed, Dec 28, 2016 at 12:05:58AM +, Roy Marples wrote: > > Can you please explain how the security model was broken? > > > > intention with securelevel is to do less things kernel-side > if it is raised (which, I hope, reduces our attack surface). > > I don't think

Re: CVS commit: src/sys/kern

2016-12-28 Thread Taylor R Campbell
Date: Wed, 28 Dec 2016 17:36:04 + From: co...@sdf.org On Wed, Dec 28, 2016 at 12:05:58AM +, Roy Marples wrote: > Can you please explain how the security model was broken? intention with securelevel is to do less things kernel-side if it is raised (which, I hope, reduces

Re: CVS commit: src/sys/kern

2016-12-28 Thread coypu
On Wed, Dec 28, 2016 at 12:05:58AM +, Roy Marples wrote: > Can you please explain how the security model was broken? > intention with securelevel is to do less things kernel-side if it is raised (which, I hope, reduces our attack surface). I don't think it's worth adding this complexity for