Date: Tue, 08 Jul 1997 20:33:44 +0100 From: Colman Reilly <careilly@monoid.cs.tcd.ie> To: Robert Watson <robert@cyrus.watson.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Security Model/Target for FreeBSD or 4.4? Message-ID: <199707081933.UAA01307@monoid.cs.tcd.ie> In-Reply-To: Message from Robert Watson dated today at 11:45.
next in thread | raw e-mail | index | archive | help
[deleted stuff about changing sockets so that they could be bound to
by groups/users]
With regards to gid vs. uid -- is either one of this preferable for any
particular reason? gid may be more flexible, I guess, as it would allow
multiple users to bind the same ports, but without having rights to each
others processes, and as such allow a simpler minimum configuration.
I think that if someone where to do this sort of thing then it should be
according to the normal UNIX rules: (READ,WRITE,EXECUTE)X(USER,GROUP,PUBLIC).
I'm not sure execute means anything in this context.
This gives you maximal control, and you just default to the current
behaviour. (I'd imagine a hash-table based implementation, which only
incurs overhead when there are changed permissions. No hit in the hash table
means default behaviour - open with port<1024 => fail for everyone except root.)
Colman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707081933.UAA01307>