From owner-freebsd-security Wed Jul 1 00:45:37 1998
Message-Id: <199807010744.AAA01700@implode.root.com>
To: "Allen Smith"
cc: security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com
Subject: Re: bsd securelevel patch question
In-reply-to: Your message of "Wed, 01 Jul 1998 03:08:52 EDT." <9807010308.ZM11585@beatrice.rutgers.edu>
From: David Greenman
Reply-To: dg@root.com
Date: Wed, 01 Jul 1998 00:44:24 -0700

>> You'd have to do a search through the fairly large group set each time you
>> wanted to check for the capability. Even if we did implement the gid method
>> externally, I still think that the kernel internal representation would be
>> best handled by a privilege mask.
>
> I can see this reasoning for most privileges... but not for the port
> ones. Hmm... how about a specific permission for PRIV_TCP, granted to
> any process with a group between x+1 and x+1023, with the port access
> granted being port=(group-x)? The same would be for PRIV_UDP. This
> would admittedly necessitate a group set scan for the group
> corresponding to the requested port. ucred seems to be a logical place
> to put a privilege mask.

I'll resist any scheme that ties specific privileges to specific gids.
To me it seems too kludgy, and I also suspect that most FreeBSD admins will
be quite unhappy about us hijacking a large block of gids for our special
purposes.

> P.S. You were mentioning VAXen before; as it happens, I've been a user
> on those. Their privilege scheme is something I've had in mind
> also.

Prior to BSD, I operated a two-machine VAX/VMS cluster for about 5 years
in my home datacenter (a facility that is next to my home office). :-)

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project
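The two credential representations argued over in this exchange, as an added illustration that is not code from the thread or from FreeBSD: a gid-tied check in the shape Allen proposes (a group in (x, x+1023] grants bind on port group-x, found by scanning the group set) beside the privilege-mask check David prefers. The credential struct, GID_PORT_BASE and the PRIV_* bit values are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>

/* Constructed stand-in for a process credential. Field and macro names
 * are assumptions for this example, not FreeBSD's real struct ucred. */
#define DEMO_NGROUPS  16
#define GID_PORT_BASE 5000U   /* the proposal's "x": gid x+port grants port */
#define PRIV_TCP (1ULL << 0)  /* privilege-mask bits, named as in the thread */
#define PRIV_UDP (1ULL << 1)

struct demo_cred {
    gid_t    groups[DEMO_NGROUPS];
    size_t   ngroups;
    uint64_t privmask;
};

/* Scheme A (gid-tied): membership in gid base+port, 1 <= port <= 1023,
 * grants bind on that port. Every check scans the whole group set, and
 * a block of 1023 gids is taken away from the administrator. */
bool gid_scheme_may_bind(const struct demo_cred *cr, uint16_t port) {
    if (port == 0 || port > 1023)
        return false;
    for (size_t i = 0; i < cr->ngroups; i++)
        if (cr->groups[i] == GID_PORT_BASE + port)
            return true;
    return false;
}

/* Scheme B (privilege mask in the credential): a single bit test whose
 * cost does not depend on the group set and that consumes no gids. */
bool mask_scheme_may_bind(const struct demo_cred *cr, uint64_t priv) {
    return (cr->privmask & priv) != 0;
}

/* Constructed sample credential: gids 100 and 20, plus the gid that maps
 * to port 80 under scheme A; PRIV_UDP but not PRIV_TCP under scheme B. */
const struct demo_cred *demo_sample_cred(void) {
    static const struct demo_cred cr = { .groups = { 100, 20, GID_PORT_BASE + 80 },
                                         .ngroups = 3, .privmask = PRIV_UDP };
    return &cr;
}
```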