From owner-freebsd-security  Mon Mar 15  1:28:51 1999
Delivered-To: freebsd-security@freebsd.org
Received: from alcanet.com.au (border.alcanet.com.au [203.62.196.10])
	by hub.freebsd.org (Postfix) with ESMTP id 2AA901528C
	for <freebsd-security@FreeBSD.ORG>; Mon, 15 Mar 1999 01:28:48 -0800 (PST)
	(envelope-from peter.jeremy@auss2.alcatel.com.au)
Received: by border.alcanet.com.au id <40331>; Mon, 15 Mar 1999 19:16:10 +1000
Date: Mon, 15 Mar 1999 19:28:22 +1000
From: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
Subject: Re: disapointing security architecture
To: wes@softweyr.com
Cc: freebsd-security@FreeBSD.ORG
Message-Id: <99Mar15.191610est.40331@border.alcanet.com.au>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Wes Peters <wes@softweyr.com> wrote:
>Subject: Re: disapointing security architecture
>Sender: wes@softweyr.com
>To: Peter Jeremy <peter.jeremy@alcatel.com.au>
>Cc: 
>Message-id: <36EBBE93.DEC82C92@softweyr.com>
>Organization: Softweyr llc
>MIME-version: 1.0
>X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
>Content-transfer-encoding: 7bit
>X-Accept-Language: en
>References: <99Mar14.193150est.40323@border.alcanet.com.au>
>Content-Type: text/plain; charset=us-ascii
>Content-Length: 1826
>Status: RO
>
>Peter Jeremy wrote:
>> 
>> Wes Peters <wes@softweyr.com> wrote:
>> >My suggestion for FreeBSD would be to steal half of the disk direct
>> >blocks in the disk inode for ACL information.

>you don't have to reserve the space if the file type isn't "file with
>ACL."
This makes the offset->disk block code messier since NDADDR becomes
dependent on di_flags.

> you need ACLs on device files too,
I thought the block addresses in device files were unused.

> and it becomes very expensive to add an ACL to
>a file after the fact,
Agreed.

>> IMHO, stealing an extra inode (or disk block) only for files that need
>> ACLs would be preferable (especially if ACL sharing is implemented).
>
>I agree, but I'm not sure how you would express the ACL sharing idea to
>the user.

I suspect that in most cases, an ACL will be inherited from a `default
ACL' associated with a directory - in which case you just re-use the
directory's ACL.  I wouldn't expect an exhaustive search - maybe a
small cache to catch adding ACLs to a whole bunch of files in one go.

Peter


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message