Date: Tue, 08 Jul 1997 20:33:44 +0100
From: Colman Reilly <careilly@monoid.cs.tcd.ie>
To: Robert Watson <robert@cyrus.watson.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Security Model/Target for FreeBSD or 4.4?
Message-ID: <199707081933.UAA01307@monoid.cs.tcd.ie>
In-Reply-To: Message from Robert Watson dated today at 11:45.

[deleted stuff about changing sockets so that they could be bound to by groups/users]

With regards to gid vs. uid -- is either one of these preferable for any particular reason? gid may be more flexible, I guess, as it would allow multiple users to bind the same ports, but without having rights to each other's processes, and as such allow a simpler minimum configuration.

I think that if someone were to do this sort of thing then it should be according to the normal UNIX rules: (READ,WRITE,EXECUTE)X(USER,GROUP,PUBLIC). I'm not sure execute means anything in this context.

This gives you maximal control, and you just default to the current behaviour. (I'd imagine a hash-table based implementation, which only incurs overhead when there are changed permissions. No hit in the hash table means default behaviour - open with port<1024 => fail for everyone except root.)

Colman
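
The hash-table scheme described in the message above, as an added userland sketch that is not part of the original e-mail and is not FreeBSD code. The names `acl_set`, `may_bind` and `P_BIND` are hypothetical; it assumes the write bit is the one that grants bind, that root always passes, and that a caller has a single gid.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/types.h>

#define NBUCKETS 64
#define P_BIND   02   /* assumption: the "write" bit grants bind() */

struct port_acl {
    uint16_t port;
    uid_t uid;              /* owning user of the port */
    gid_t gid;              /* owning group of the port */
    unsigned mode;          /* UNIX-style bits, e.g. 0620 */
    struct port_acl *next;  /* chain for ports sharing a bucket */
};

static struct port_acl *buckets[NBUCKETS];

static struct port_acl *acl_lookup(uint16_t port) {
    struct port_acl *a = buckets[port % NBUCKETS];
    while (a != NULL && a->port != port)
        a = a->next;
    return a;
}

/* Install or replace the permissions on a port; 0 on success, -1 if out of memory. */
int acl_set(uint16_t port, uid_t uid, gid_t gid, unsigned mode) {
    struct port_acl *a = acl_lookup(port);
    if (a == NULL) {
        if ((a = malloc(sizeof *a)) == NULL)
            return -1;
        a->port = port;
        a->next = buckets[port % NBUCKETS];
        buckets[port % NBUCKETS] = a;
    }
    a->uid = uid; a->gid = gid; a->mode = mode & 0777;
    return 0;
}

/* Returns 1 if (uid, gid) may bind the port, 0 otherwise. */
int may_bind(uint16_t port, uid_t uid, gid_t gid) {
    const struct port_acl *a = acl_lookup(port);
    unsigned bits;
    if (uid == 0) return 1;               /* root passes (assumption when an entry exists) */
    if (a == NULL) return port >= 1024;   /* no hit: current default behaviour */
    /* Normal UNIX rule: the first matching class decides, with no fall-through. */
    if (uid == a->uid)      bits = a->mode >> 6;
    else if (gid == a->gid) bits = a->mode >> 3;
    else                    bits = a->mode;
    return (bits & P_BIND) != 0;
}
```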