Date: Tue, 22 Sep 1998 09:14:11 -0700 (PDT) From: David Wolfskill <dhw@whistle.com> To: freebsd-hackers@FreeBSD.ORG, ncb05@uow.edu.au Subject: Re: follow-up to lkm query Message-ID: <199809221614.JAA14748@pau-amma.whistle.com> In-Reply-To: <Pine.SOL.4.02A.9809221011240.24709-100000@banshee.cs.uow.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
>Date: Tue, 22 Sep 1998 10:14:04 +1000 (EST)
>From: Nicholas Charles Brawn <ncb05@uow.edu.au>
>To give you an idea of what i'm working on, I have a security mod that
>temporarily replaces syscalls (execve, link, symlink, write, etc),
>performs some access-control, then passes back to the original syscall.
Hmmm....
>I'd like to be able to modify the acl via userland if possible, and one
>such thought was to have two lkms, one which was for "admin" purposes,
>such as modifying the acl list, and the other which actually did the
>work and performed authentication/etc by calling the other one.
>Anyway, if anyone could offer any suggestions I would be much appreciative.
No specific suggestions just yet, but in the dozen years I spent as an
MVS systems programmer, installing, maintaining, and writing "user
exits" to take advantage of RACF ("Resource Access Control Facility")
was one of my specialties, and I'm certainly willing to help where I
can.
[RACF was(/is? -- been away for a few years) often referred to as a
"security" product, which is something that I find misleading (at
best); rather, it's a product that handles user authentication,
administrative facilities for manipulating ACLs, and auditing. The
actual "resource control" isn't done by RACF at all (save for control
over its internal resources), but by code in other parts of the system,
such as OPEN or IKJTSO00.... I wrote code, for example, to use RACF
ACLs to control which disks would be written to when a file was created
or extended -- among (several!) other things....]
david
--
David Wolfskill UNIX System Administrator
dhw@whistle.com voice: (650) 577-7158 pager: (650) 371-4621
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809221614.JAA14748>