suser to priv conversion patch
I've attached a patch that replaces suser(9) with priv(9). Priv(9) is a
new API used by FreeBSD, and what it adds is fine-grained control over
which privelges are requested (and granted in turn).
So instead of
This will request ROOT privileges (which is equivalent to the suser()
call above). Of course PRIV_ROOT is not recommended and only serves
until all privileges are replaced by more fine grained privileges.
In sys/priv.h all existing privileges are defined.
The new API is as follows:
int priv_check(struct thread *td, int priv);
int priv_check_cred(struct ucred *cred, int priv, int flag);
Old suser calls still work, but should be avoided and replaced by the
corresponding priv_* call.
The patch does not (yet) modify the way privileges are granted, i.e.
the implementation is identical to the corresponding suser_*() function.
If no one objects, I'd like to commit this soon to then concentrate on
introducing fine-grained privileges. If possible, I'd like to (later)
get rid of the flags argument of priv_check_cred() (or suser_cred()),
which can be either NULL_CRED_OKAY or PRISON_ROOT, but I've not yet
thought about it throrrowly enough.
#1 Updated by mneumann over 8 years ago
Am 29.12.2008 19:16, schrieb Michael Neumann:
> I've attached a patch that replaces suser(9) with priv(9). Priv(9) is a
> new API used by FreeBSD, and what it adds is fine-grained control over
> which privelges are requested (and granted in turn).
Just commited :)