From owner-freebsd-security Sun Aug 27 13:34: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id D7AD637B424; Sun, 27 Aug 2000 13:34:01 -0700 (PDT) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id QAA74915; Sun, 27 Aug 2000 16:34:01 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Sun, 27 Aug 2000 16:34:00 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: freebsd-security@FreeBSD.org Cc: phk@FreeBSD.org, green@FreeBSD.org Subject: Re: Review request: replacing p_trespass(), modifications to vaccess() In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org To those reviewing, I've uploaded new versions of the patches since the post, replacing a few more PRISON_CHEK() calls, and merging in a few other changes from my tree. One interesting thing to consider is the different in access control choices between ptrace() (relatively liberal) and ktrace() (slightly less so). ptrace() is more concerned with the process being setugid, whereas ktrace is concerned with differences in credentials. Given that the functionality is very similar, we should probably combine the two access control checks, and decide which is more appropriate for our needs. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message