Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 13 Sep 2006 19:41:16 +0100
From:      Ceri Davies <ceri@submonkey.net>
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        arch@FreeBSD.org, trustedbsd-discuss@TrustedBSD.org
Subject:   Re: New in-kernel privilege API: priv(9)
Message-ID:  <20060913184115.GE93949@submonkey.net>
In-Reply-To: <20060913150912.J1823@fledge.watson.org>
References:  <20060913150912.J1823@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--zYM0uCDKw75PZbzx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Sep 13, 2006 at 03:29:14PM +0100, Robert Watson wrote:

> What does this all mean in practice?  It means replacing suser(9) and=20
> suser_cred(9) with calls that express the specific privilege being checke=
d=20
> for.  I took the most straight forward possible implementation: I reviewe=
d=20
> all privilege checks in the kernel, identified all identical privileges a=
nd=20
> categorized all privileges by subsystem.  I then assigned unique numeric=
=20
> constants to each unique privilege, and added a privilege identifier=20
> argument to the two new functions, priv_check(9) and priv_check_cred(9).=
=20

Is this wilfully different from the privileges(5) model in Solaris 10
(http://docs.sun.com/app/docs/doc/816-5175/6mbba7f3b?a=3Dview) ?

It seems that there would be some benefit in having at least a minimal
common API and set of privilege names, not least to help with issues such
as that raised in http://issues.apache.org/bugzilla/show_bug.cgi?id=3D34671.

Having only just started to look over your work, I'll be happy to be
put straight if we're talking about completely different things, but on
the surface they're looking very similar.

Ceri
--=20
That must be wonderful!  I don't understand it at all.
                                                  -- Moliere

--zYM0uCDKw75PZbzx
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)

iD8DBQFFCFDLocfcwTS3JF8RAnXZAJ9WYU5EpK1WoDq5jOQ4DSSOvrZzDQCgp8sG
Hs5o85qX1T2nspBoTDjB6nY=
=SZPI
-----END PGP SIGNATURE-----

--zYM0uCDKw75PZbzx--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060913184115.GE93949>