Date: Wed, 01 Jul 1998 00:44:24 -0700
From: David Greenman <dg@root.com>
To: "Allen Smith" <easmith@beatrice.rutgers.edu>
Cc: security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com
Subject: Re: bsd securelevel patch question
Message-ID: <199807010744.AAA01700@implode.root.com>
In-Reply-To: Your message of "Wed, 01 Jul 1998 03:08:52 EDT." <9807010308.ZM11585@beatrice.rutgers.edu>

>> You'd have to do a search through the fairly large group set each time you
>> wanted to check for the capability. Even if we did implement the gid method
>> externally, I still think that the kernel internal representation would be
>> best handled by a privilege mask.
>
>I can see this reasoning for most privileges... but not for the port
>ones. Hmm... how about a specific permission for PRIV_TCP, granted to
>any process with a group between x+1 and x+1023, with the port access
>granted being port=(group-x)? The same would be for PRIV_UDP. This
>would admittedly necessitate a group set scan for the group
>corresponding to the requested port. ucred seems to be a logical place
>to put a privilege mask.

   I'll resist any scheme that ties specific privileges to specific gids. To
me it seems too kludgy and I also suspect that most FreeBSD admins will be
quite unhappy about us hijacking a large block of gids for our special
purposes.

>P.S. You were mentioning VAXen before; as it happens, I've been a user
>on those. Their privilege scheme is something I've had in mind
>also.

   Prior to BSD, I operated a two machine VAX/VMS cluster for about 5 years
in my home datacenter (a facility that is next to my home office). :-)

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
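
The two checks debated in this message, side by side, as an added example that is not part of the original e-mail and is not FreeBSD code. The `cred_model` struct, the value chosen for the base gid `x`, and the bit positions of `PRIV_TCP` and `PRIV_UDP` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space model of a credential; not FreeBSD's struct ucred. */
#define PORT_GID_BASE 20000u      /* the "x" in the proposal; value is assumed */
#define PRIV_TCP (1u << 0)        /* bit positions are assumed */
#define PRIV_UDP (1u << 1)

struct cred_model {
    uint32_t priv_mask;           /* privilege mask stored in the credential */
    size_t   ngroups;
    uint32_t groups[16];          /* supplementary group set */
};

/* gid scheme: port p (1..1023) is allowed when gid x+p is in the group set.
 * Every check costs a linear scan of the group set. */
bool gid_allows_port(const struct cred_model *c, unsigned port)
{
    if (port < 1 || port > 1023)
        return false;             /* outside the x+1 .. x+1023 block */
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == PORT_GID_BASE + port)
            return true;
    return false;
}

/* mask scheme: one AND against the credential, no scan, no reserved gids. */
bool mask_allows(const struct cred_model *c, uint32_t priv)
{
    return (c->priv_mask & priv) == priv;
}

/* Constructed sample: ordinary groups plus gid x+80, and PRIV_TCP in the mask. */
struct cred_model sample_cred(void)
{
    struct cred_model c = { PRIV_TCP, 3, { 0, 5, PORT_GID_BASE + 80 } };
    return c;
}

int main(void)
{
    struct cred_model c = sample_cred();
    printf("gid scheme, port 80: %d\n", gid_allows_port(&c, 80));
    printf("gid scheme, port 25: %d\n", gid_allows_port(&c, 25));
    printf("mask scheme, PRIV_UDP: %d\n", mask_allows(&c, PRIV_UDP));
    return 0;
}
```

In this model the gid scheme grants one port per group at the cost of a scan and 1023 reserved gids, while the mask is a constant-time test with no gid namespace cost.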