From owner-freebsd-security Fri Jan 14 8:39: 2 2000
Delivered-To: freebsd-security@freebsd.org
Received: from zeta.qmw.ac.uk (zeta.qmw.ac.uk [138.37.6.6]) by hub.freebsd.org (Postfix) with ESMTP id 0669914E47 for ; Fri, 14 Jan 2000 08:36:28 -0800 (PST) (envelope-from d.m.pick@qmw.ac.uk)
Received: from xi.css.qmw.ac.uk ([138.37.8.11]) by zeta.qmw.ac.uk with esmtp (Exim 3.02 #1) id 1299h0-0000mK-00; Fri, 14 Jan 2000 16:35:19 +0000
Received: from cgaa180 by xi.css.qmw.ac.uk with local (Exim 1.92 #1) id 1299gy-0005rl-00; Fri, 14 Jan 2000 16:35:16 +0000
X-Mailer: exmh version 2.0.2 2/24/98
To: Robert Watson
Cc: freebsd-security@freebsd.org
Subject: Re: Restructuring authorization checks to facilitate new security models
In-reply-to: Your message of "Fri, 14 Jan 2000 08:08:25 EST."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 14 Jan 2000 16:35:16 +0000
From: David Pick
Message-Id:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The subject/object model looks reasonable, but I suspect that some operations will turn out to have more than one object operand; for example a user/process (subject) mounting (operation) a file system (object) at a particular place in the already mounted filesystem (second object).

I also suspect that the exact choice of which subject to use will not always be obvious; in my example will it be the user or the process? - the criteria about what object should "inherit" what capabilities from what object and be controlled by any ACLs tagged on to which object will be a good generator of (ahem) debate.

--
David Pick