From owner-freebsd-security Wed Jul 9 02:03:54 1997
Message-Id: <199707081933.UAA01307@monoid.cs.tcd.ie>
To: Robert Watson
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Security Model/Target for FreeBSD or 4.4?
X-Address: Department of Computer Science, Trinity College, Dublin 2, Ireland.
In-reply-to: Message from Robert Watson dated today at 11:45.
Date: Tue, 08 Jul 1997 20:33:44 +0100
From: Colman Reilly

[deleted stuff about changing sockets so that they could be bound to by groups/users]

With regards to gid vs. uid -- is either one of these preferable for any particular reason? gid may be more flexible, I guess, as it would allow multiple users to bind the same ports, but without having rights to each other's processes, and as such allow a simpler minimum configuration.

I think that if someone were to do this sort of thing then it should be according to the normal UNIX rules: (READ,WRITE,EXECUTE)X(USER,GROUP,PUBLIC). I'm not sure execute means anything in this context. This gives you maximal control, and you just default to the current behaviour.

(I'd imagine a hash-table based implementation, which only incurs overhead when there are changed permissions. No hit in the hash table means default behaviour - open with port<1024 => fail for everyone except root.)

Colman
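
Added example, not part of the original message and not FreeBSD code: a C sketch of the lookup the message describes, with a hash table of per-port overrides and the existing rule applied on a miss. The names (port_acl, acl_set, may_bind), the use of the write bit to mean "may bind", checking only the primary gid, and always allowing root are assumptions.

```c
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical per-port override entry; every name here is illustrative. */
struct port_acl {
    unsigned short port;
    uid_t uid;              /* owning user */
    gid_t gid;              /* owning group */
    unsigned mode;          /* UNIX-style bits, e.g. 0660 */
    struct port_acl *next;  /* hash chain */
};

#define NBUCKETS 64
#define BIND_BIT 02         /* assumption: the "write" bit means "may bind" */
static struct port_acl *table[NBUCKETS];

/* Register an override; the caller owns the storage. Newest entry wins. */
void acl_set(struct port_acl *e, unsigned short port, uid_t uid, gid_t gid, unsigned mode)
{
    e->port = port; e->uid = uid; e->gid = gid; e->mode = mode;
    e->next = table[port % NBUCKETS];
    table[port % NBUCKETS] = e;
}

/* Returns 1 if (uid, primary gid) may bind the port, else 0. */
int may_bind(unsigned short port, uid_t uid, gid_t gid)
{
    const struct port_acl *e = table[port % NBUCKETS];

    if (uid == 0)
        return 1;                       /* assumption: root is never restricted */
    while (e != NULL && e->port != port)
        e = e->next;
    if (e == NULL)
        return port >= 1024;            /* no hit: current default behaviour */
    if (uid == e->uid)                  /* classes checked user, group, other */
        return ((e->mode >> 6) & BIND_BIT) != 0;
    if (gid == e->gid)
        return ((e->mode >> 3) & BIND_BIT) != 0;
    return (e->mode & BIND_BIT) != 0;
}

int main(void)
{
    static struct port_acl web;
    acl_set(&web, 80, 1001, 80, 0660);  /* constructed sample: uid 1001, gid 80 */
    printf("owner:%d group:%d other:%d default25:%d\n", may_bind(80, 1001, 5),
           may_bind(80, 1002, 80), may_bind(80, 1003, 5), may_bind(25, 1001, 80));
    return 0;
}
```

As with file permissions, the first matching class decides, so an override can also take a port at or above 1024 away from everyone but its owner.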