From owner-freebsd-security Wed Jul 1 06:35:12 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA16620 for freebsd-security-outgoing; Wed, 1 Jul 1998 06:35:12 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA16598 for ; Wed, 1 Jul 1998 06:35:04 -0700 (PDT) (envelope-from avalon@coombs.anu.edu.au)
Message-Id: <199807011335.GAA16598@hub.freebsd.org>
Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA096010059; Wed, 1 Jul 1998 23:34:19 +1000
From: Darren Reed
Subject: Re: bsd securelevel patch question
To: avalon@coombs.anu.edu.au (Darren Reed)
Date: Wed, 1 Jul 1998 23:34:18 +1000 (EST)
Cc: easmith@beatrice.rutgers.edu, dg@root.com, security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com
In-Reply-To: <199807011254.FAA12664@hub.freebsd.org> from "Darren Reed" at Jul 1, 98 10:53:10 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Darren Reed, sie said:
>
>
> sigh...the < 1024 port thing keeps coming up. I will try and dig up the
> hacks I did to portalfs to provide acl's for listen sockets.
>
> no stupid extended permissions checks in kernels necessary.

well, I dug it up, and it's not really pretty, but it does prove it is possible.

the way I set it up to work was to read in the directory structure prior to mount_portal taking it over and then use the file perms in that for access control.

this was just an experiment. a better way to do it is to have a separate configuration file for the perms. so that you can edit those whilst mount_portal is still running. I thought I'd had a go at that, but I don't see the code anywhere just now so I'll assume it's not going to be easily found.

Darren

http://coombs.anu.edu.au/~avalon/mount_portal.tgz
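
The approach described in the message above (record a directory's file permissions before the portal mount covers it, then use them as the access-control list for listen requests) can be sketched as follows. This is an added example, not code from the original message or from the mount_portal tarball; the `<dir>/<port>` layout, the rule that the write bit grants listen, and every function name here are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
static struct port_acl { int port; mode_t mode; uid_t uid; gid_t gid; } acl_tab[64];
static int nacl;

/* Assumed layout <dir>/<port>: record each file's owner, group, mode before the mount hides it. */
int acl_snapshot(const char *dir) {
    DIR *d = opendir(dir);
    struct dirent *e; struct stat st; char path[1024], *end;
    if (d == NULL) return -1;
    for (nacl = 0; nacl < 64 && (e = readdir(d)) != NULL; ) {
        long port = strtol(e->d_name, &end, 10);
        if (end == e->d_name || *end || port < 1 || port > 65535) continue; /* ".", "..", non-ports */
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) continue;       /* ignore symlinks, dirs */
        acl_tab[nacl++] = (struct port_acl){ (int)port, st.st_mode & 0777, st.st_uid, st.st_gid };
    }
    closedir(d);
    return nacl;
}

/* Assumed rule: the write bit of the matching class (owner, group, other) grants listen. */
int acl_may_listen(int port, uid_t uid, gid_t gid) {
    for (int i = 0; i < nacl; i++)
        if (acl_tab[i].port == port)
            return (acl_tab[i].mode & (uid == acl_tab[i].uid ? S_IWUSR : gid == acl_tab[i].gid ? S_IWGRP : S_IWOTH)) != 0;
    return 0; /* no entry for this port: default deny */
}

static int mkentry(const char *dir, const char *name, mode_t m) {
    char p[1024];
    snprintf(p, sizeof p, "%s/%s", dir, name);
    FILE *f = fopen(p, "w");
    return f != NULL && fclose(f) == 0 ? chmod(p, m) : -1;
}

int demo(void) { /* constructed sample tree: port 80 mode 0620, port 25 mode 0600 */
    char dir[] = "/tmp/portacl.XXXXXX";
    if (!mkdtemp(dir) || mkentry(dir, "80", 0620) || mkentry(dir, "25", 0600) || acl_snapshot(dir) != 2) return -1;
    uid_t u = acl_tab[0].uid; gid_t g = acl_tab[0].gid; /* creator of the sample files */
    return acl_may_listen(80, u, g)                     /* owner, w set: allowed */
         | (acl_may_listen(80, u + 1, g) << 1)          /* group, w set: allowed */
         | (acl_may_listen(80, u + 1, g + 1) << 2)      /* other, no w: denied */
         | (acl_may_listen(25, u + 1, g) << 3)          /* group on 0600: denied */
         | (acl_may_listen(443, u, g) << 4);            /* no entry: denied */
}
int main(void) { printf("%d\n", demo()); return 0; }
```

Because the table is built once, permission changes made afterwards are not seen until the snapshot is rebuilt, which is the limitation the message gives as the reason to prefer a separate configuration file.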