Date:      Tue, 08 Jul 1997 20:33:44 +0100
From:      Colman Reilly <careilly@monoid.cs.tcd.ie>
To:        Robert Watson <robert@cyrus.watson.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Security Model/Target for FreeBSD or 4.4? 
Message-ID:  <199707081933.UAA01307@monoid.cs.tcd.ie>
In-Reply-To: Message from Robert Watson  dated today at 11:45.

	[deleted stuff about changing sockets so that they could be bound to
	by groups/users]
     
     With regards to gid vs. uid -- is either one of these preferable for any
     particular reason?  gid may be more flexible, I guess, as it would allow
     multiple users to bind the same ports, but without having rights to each
     other's processes, and as such allow a simpler minimum configuration.

I think that if someone were to do this sort of thing then it should be
according to the normal UNIX rules: (READ,WRITE,EXECUTE)X(USER,GROUP,PUBLIC).
I'm not sure execute means anything in this context. 

This gives you maximal control, and you just default to the current
behaviour. (I'd imagine a hash-table based implementation, which only
incurs overhead when there are changed permissions. No hit in the hash table
means default behaviour - open with port<1024 => fail for everyone except root.)

Colman
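
The hash-table scheme sketched in the message above, as an added example that is not part of the original e-mail or of any FreeBSD code. Assumptions: the names `port_acl`, `port_acl_set` and `port_access` are hypothetical, the caller says which permission bits it needs (the message leaves their meaning open), each caller has a single gid, and root always passes as it does for files.

```c
#include <stddef.h>
#include <stdint.h>

#define PORT_R 4            /* same bit values as file mode bits */
#define PORT_W 2
#define PORT_X 1
#define NBUCKETS 64         /* constructed table size */

struct port_acl {           /* hypothetical entry, one per overridden port */
    uint16_t port;
    unsigned uid, gid;      /* owning user and group */
    unsigned mode;          /* e.g. 0660: rw for owner and group */
    struct port_acl *next;  /* collision chain */
};

static struct port_acl *buckets[NBUCKETS];

static struct port_acl *acl_lookup(uint16_t port)
{
    struct port_acl *a = buckets[port % NBUCKETS];
    while (a != NULL && a->port != port)
        a = a->next;
    return a;
}

/* Install an override; the caller provides the storage. */
void port_acl_set(struct port_acl *a)
{
    a->next = buckets[a->port % NBUCKETS];
    buckets[a->port % NBUCKETS] = a;
}

/* Return 1 if (uid, gid) holds every bit in want on port, else 0. */
int port_access(uint16_t port, unsigned uid, unsigned gid, unsigned want)
{
    const struct port_acl *a;
    unsigned bits;

    if (uid == 0)
        return 1;                   /* assumption: root keeps full access */
    a = acl_lookup(port);
    if (a == NULL)
        return port >= 1024;        /* no hit: default, port<1024 fails */
    if (uid == a->uid)
        bits = a->mode >> 6;        /* owner class only, as for files */
    else if (gid == a->gid)
        bits = a->mode >> 3;
    else
        bits = a->mode;
    return ((bits & 7) & want) == want;
}
```

Ports with no entry cost one bucket lookup and then follow the existing rule, which is the "overhead only when permissions are changed" property the message asks for.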


