From owner-freebsd-security  Wed Jun 21  8:36:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: from builder.FreeBSD.ORG (builder.FreeBSD.ORG [204.216.27.24])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5525237BE76; Wed, 21 Jun 2000 08:36:20 -0700 (PDT)
	(envelope-from green@FreeBSD.org)
Date: Wed, 21 Jun 2000 08:38:37 -0700 (PDT)
From: Brian Fundakowski Feldman <green@FreeBSD.org>
To: James Howard <howardjp@wam.umd.edu>
Cc: freebsd-security@freebsd.org
Subject: Re: Network ACLs
In-Reply-To: <200006202237.SAA20291@rac10.wam.umd.edu>
Message-ID: <Pine.BSF.4.21.0006210836270.14479-100000@builder.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 20 Jun 2000, James Howard wrote:

> I know that the TrustedBSD group is working on filesystem ACLs.  Will
> something similar be extended to the socket interface?

Robert Watson and I were discussing this and ACLs in general over the
day, and yes, at one point, I will make sure that sockets have ACL
information.  Basically, the information must be that it inherits the
parent's credentials, but right now the parents credentials are still
ucred and not ACLs.

It'll come along when ACLs become more pervasive, perhaps after
Poligraph is done if that is what it takes.  We'll see :)

> Thanks, Jamie

-- 
 Brian Fundakowski Feldman           /  "Any sufficiently advanced bug is    \
 green@FreeBSD.org                   |   indistinguishable from a feature."  |
     FreeBSD: The Power to Serve!    \        -- Rich Kulawiec               /



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message