From owner-freebsd-security Sun Nov 28 19:45: 9 1999
Delivered-To: freebsd-security@freebsd.org
Received: from foo.sics.se (foo.sics.se [193.10.66.234])
	by hub.freebsd.org (Postfix) with ESMTP id 8CA5715122
	for ; Sun, 28 Nov 1999 19:45:04 -0800 (PST)
	(envelope-from assar@foo.sics.se)
Received: (from assar@localhost)
	by foo.sics.se (8.9.3/8.9.3) id EAA42547;
	Mon, 29 Nov 1999 04:44:53 +0100 (CET)
	(envelope-from assar)
To: Robert Watson
Cc: "Ilmar S. Habibulin" , Garrett Wollman , freebsd-security@freebsd.org
Subject: Re: ACLs 0.1 for FreeBSD 3.3-RELEASE
References:
From: Assar Westerlund
Date: 29 Nov 1999 04:44:52 +0100
In-Reply-To: Robert Watson's message of "Sun, 28 Nov 1999 07:43:50 -0500 (EST)"
Message-ID: <5lr9haotaj.fsf@foo.sics.se>
Lines: 46
User-Agent: Gnus/5.070098 (Pterodactyl Gnus v0.98) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Robert Watson writes:
> > So I ported it to -current (and fixed some nits at the same time).
> > But now that machine doesn't seem to come back up and I don't have
> > physical access to it. :-( But I should be able to send you the
> > code hopefully later today or tomorrow. Next step is adding support
> > for vop_{get,set}acl to arla :-)

The kernel patches are at I'll also make diffs incorporate the library
and the user-level programs available at a URL close to that.

> Yes -- this was a change I was making over the DARPA ActiveNets workshop
> and lost track of, as I didn't have a crash machine with me. I guess the
> best thing to do would be to get your version committed to -CURRENT, and
> then I can resync on -CURRENT as my development tree and continue work
> from there?

I think so.

> I feel two directions of pull here--the first is to produce as
> near-POSIX.1e implementation as possible to maximize the chances of
> portability and consistency across platforms; the other is to maximize
> what I think of as the most desirable functionality, which approximates
> what Coda and AFS use (directory-only permissions, and a bit more specific
> than read/write/execute). For the implementation, I went with
> almost-exactly-POSIX, and feel we should probably do that for local file
> systems, but that the issue of introducing Coda/AFS permission sets into
> the interface, as they are permitted by the draft, is an interesting one
> and should be looked at in detail.

I'm more interested in getting something useful (and somewhat generic).
I haven't given any thought as to how to map AFS ACLs into Posix ones.

> If you don't have a copy of the spec, we should get a copy to you. I
> believe Winni put a copy online and posted to bugtraq a while back, and
> that it is off of his POSIX.1e page? We have permission from IEEE to
> redistribute it as long as new downloaders agree not to redistribute it
> themselves, the normal "don't blame IEEE if it breaks your life", etc,
> etc.

I don't have the spec and didn't find it at Winni's page either.

/assar

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message