NetBSD Problem Report #46767

From dholland@macaran.localdomain  Fri Aug  3 00:51:48 2012
Return-Path: <dholland@macaran.localdomain>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id 6693863B85F
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  3 Aug 2012 00:51:48 +0000 (UTC)
Message-Id: <20120803005222.5E4456E227@macaran.localdomain>
Date: Thu,  2 Aug 2012 20:52:22 -0400 (EDT)
From: dholland@eecs.harvard.edu
Reply-To: dholland@eecs.harvard.edu
To: gnats-bugs@gnats.NetBSD.org
Subject: struct kauth_cred bypasses the C type system
X-Send-Pr-Version: 3.95

>Number:         46767
>Category:       kern
>Synopsis:       struct kauth_cred bypasses the C type system
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Aug 03 00:55:00 +0000 2012
>Last-Modified:  Sun Jan 01 01:35:00 +0000 2017
>Originator:     David A. Holland
>Release:        NetBSD 6.99.10 (20120802)
>Organization:
>Environment:
irrelevant

>Description:

struct kauth_cred, which is defined in sys/kern/kern_auth.c, is
ostensibly private to that file.

However, it's actually exposed via a cut and paste copy of the
structure, called struct kvm_kauth_cred, found in
lib/libkvm/kvm_proc.c.

Quite apart from the risk of nasal demons if the two copies of the
definition diverge, spoofing the type system like this is not
acceptable in a project like NetBSD where we care about code quality.

>How-To-Repeat:

code reading.
(actually reported by rmind)

>Fix:

Either the structure definition needs to be exported from the kernel
properly, and shared between the usage sites, or steps need to be
taken so the data type can really be private.

It is not entirely clear yet what this entails.

>Audit-Trail:
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/46767: struct kauth_cred bypasses the C type system
Date: Sun, 1 Jan 2017 01:32:50 +0000

 Update:

 On Fri, Aug 03, 2012 at 12:55:00AM +0000, dholland@eecs.harvard.edu wrote:
  > struct kauth_cred, which is defined in sys/kern/kern_auth.c, is
  > ostensibly private to that file.
  > 
  > However, it's actually exposed via a cut and paste copy of the
  > structure, called struct kvm_kauth_cred, found in
  > lib/libkvm/kvm_proc.c.
  > 
  > Quite apart from the risk of nasal demons if the two copies of the
  > definition diverge, spoofing the type system like this is not
  > acceptable in a project like NetBSD where we care about code quality.

 So, in the intervening years struct kauth_cred has ceased to be
 actually private (it's now in sys/kauth.h) but it's still masquerading
 under false pretenses: it's wrapped in #ifdef __KAUTH_PRIVATE,
 whatever that's supposed to mean.

 And the cutpaste copy in libkvm is still there.

 -- 
 David A. Holland
 dholland@netbsd.org
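
The divergence risk described in this report, as an added example that is not code from the PR or from NetBSD: the struct names demo_cred and demo_mirror_cred, their fields, and both helper functions are hypothetical and do not reflect the real struct kauth_cred layout. It shows a stale cut-and-paste mirror compiling cleanly while reading the wrong field, and a layout check that catches the mismatch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layouts for illustration; NOT the real struct kauth_cred. */

/* The "owning" definition after a hypothetical change inserted a field. */
struct demo_cred {
    uint32_t refcnt;
    uint32_t flags;   /* newly inserted field */
    uint32_t uid;
    uint32_t gid;
};

/* Stale cut-and-paste mirror, as a separate reader might still carry it. */
struct demo_mirror_cred {
    uint32_t refcnt;
    uint32_t uid;
    uint32_t gid;
};

/* Interprets raw bytes through the stale mirror: no diagnostic, wrong value. */
uint32_t read_uid_via_mirror(const void *raw)
{
    struct demo_mirror_cred m;
    memcpy(&m, raw, sizeof(m));
    return m.uid;
}

/* True when field f has the same offset and size in both structs. */
#define SAME_FIELD(a, b, f) \
    (offsetof(struct a, f) == offsetof(struct b, f) && \
     sizeof(((struct a *)0)->f) == sizeof(((struct b *)0)->f))

/* Returns 1 only if the mirror agrees with the owning definition. */
int layouts_match(void)
{
    return sizeof(struct demo_cred) == sizeof(struct demo_mirror_cred) &&
        SAME_FIELD(demo_cred, demo_mirror_cred, refcnt) &&
        SAME_FIELD(demo_cred, demo_mirror_cred, uid) &&
        SAME_FIELD(demo_cred, demo_mirror_cred, gid);
}

int main(void)
{
    struct demo_cred k = { .refcnt = 1, .flags = 0x8000, .uid = 1000, .gid = 100 };
    printf("real uid=%u, uid via stale mirror=%u, layouts_match=%d\n",
        (unsigned)k.uid, (unsigned)read_uid_via_mirror(&k), layouts_match());
    return 0;
}
```

A check like layouts_match() only works where both definitions are visible in one translation unit, which is exactly what a truly private structure prevents.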
