On Tue, Jun 21, 2011 at 07:55:37AM +0100, David Laight wrote: > On Mon, Jun 20, 2011 at 04:29:05PM -0700, Brian Buhrow wrote: > > > For reference, I used the ktrcanset() function from kern_ktrace.c from > > NetBSD-3.0 sources because it was easier to read than following the chain > > of layers down through the secmodel infrastructure and finding where > > exactly the permission is denied in that machinery. > > mmmm security through obscurity ...
For what it's worth, I find reading the secmodel code very easy. Much easier than reading the tangled logic around every open coded permission check that used to be in the tree. -- Thor Lancelot Simon t...@panix.com "All of my opinions are consistent, but I cannot present them all at once." -Jean-Jacques Rousseau, On The Social Contract
