Re: CVS commit: src/sys/kern

2016-12-28 Thread David Holland
On Wed, Dec 28, 2016 at 07:32:05PM +, Taylor R Campbell wrote:
 > It's true that moving the kauth call expanded the attack surface a
 > little bit.  Now we have to worry about:

When I saw the original commit I wondered if it was an information
leak. Maybe it's not, but that's certainly a fourth consideration.

-- 
David A. Holland
dholl...@netbsd.org


re: CVS commit: src/sys/kern

2016-12-28 Thread matthew green
co...@sdf.org writes:
> On Wed, Dec 28, 2016 at 12:05:58AM +, Roy Marples wrote:
> > Can you please explain how the security model was broken?
> > 
> 
> The intention with securelevel is to do fewer things kernel-side
> if it is raised (which, I hope, reduces our attack surface).
> 
> I don't think it's worth adding this complexity for better
> npfctl warnings (it's just a warning and doesn't change its
> behaviour).
> 
> If you want, I can modify npfctl not to warn for the EPERM
> case. I'm not sure whether that is better.

change npfctl to check if the module is builtin or already
loaded?

#include <sys/module.h>
#include <errno.h>

/* If MODCTL_EXISTS fails with EPERM, securelevel forbids module
 * loading, so skip the load attempt (and the warning) entirely. */
if (modctl(MODCTL_EXISTS, 0) != -1 || errno != EPERM) {
	modctl_load_t m;
	// setup m
	if (modctl(MODCTL_LOAD, &m) == -1) {
		// complain here only
	}
}


.mrg.