From owner-freebsd-config Tue Feb 3 14:25:19 1998 Return-Path: Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA18822 for config-outgoing; Tue, 3 Feb 1998 14:25:19 -0800 (PST) (envelope-from owner-config) Received: from relay.cs.tcd.ie (relay.cs.tcd.ie [134.226.32.56]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA18811 for ; Tue, 3 Feb 1998 14:25:08 -0800 (PST) (envelope-from careilly@monoid.cs.tcd.ie) Received: from monoid.cs.tcd.ie (monoid.cs.tcd.ie [134.226.38.99]) by relay.cs.tcd.ie (8.8.7/8.8.7) with ESMTP id WAA20444; Tue, 3 Feb 1998 22:24:45 GMT Received: from monoid.cs.tcd.ie (localhost.my.domain [127.0.0.1]) by monoid.cs.tcd.ie (8.8.5/8.8.5) with ESMTP id WAA16835; Tue, 3 Feb 1998 22:20:52 GMT Message-Id: <199802032220.WAA16835@monoid.cs.tcd.ie> To: Richard Wackerbarth cc: config@FreeBSD.ORG Subject: Re: WebAdmin X-Address: Department of Computer Science, Trinity College, Dublin 2, Ireland. X-Phone: +353-(0)1-6081321 In-reply-to: Message from Richard Wackerbarth dated today at 10:45. MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <16830.886544451.1@monoid.cs.tcd.ie> Content-Description: text Date: Tue, 03 Feb 1998 22:20:52 +0000 From: Colman Reilly Sender: owner-config@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk At 9:42 AM -0600 2/3/98, Colman Reilly wrote: > the databases useable and stable. >Sure. Now remember we have to assume that people will be attempting to >exploit the admin system as a security hole. We can't trust any state com ing >from a HTTP connection. >Look at Mike Smiths juliet stuff. Look at my thoughts on Portia/security >stuff. My only objection to his design is that it is a little too specific. I think that ALL the "back end" modules should appear monolithic and recursively defined. For example, although the password file is organized as a list of records each having fixed entries, it can be modeled as a two level tree. The top level entries are tagged by the name. Within each of those nodes there are entries tagged by , , , , etc. That's an objection to his implementation, not his design. It depends on the maturity of the sub-system really. For password I agree, but for some faster moving targets the more "black-box" approach might be better. In an ideal world you're right. >Look at the mail archives on this topic. Which archives? I cannot find one for "config". Most of the stuff has actually been discussed on hackers as far as I can see. :-) >I'd really like to see people cooperating on this with a well thought out >structure rather than see three sets of people head out into space. Me, too. But doesn't that break the "FreeBSD model" of "implement before you discuss the design?" :-) Oh. I'm sorry. I'm doing research in formal methods and mathematical modeling of software. I get carried away with this design business occasionally. Colman