From: Coranth Gryphon
Reply-To: gryphon@hway.net
Date: Fri, 12 Mar 1999 10:36:41 -0500
To: Robert Watson
Cc: Wes Peters, Matthew Dillon, andrewr, Archie Cobbs, Andrew McNaughton, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
Message-ID: <36E93489.495C0BF@intech.net>

> FS. Where did they find the space to store the ACLs? Adding any more
> serious data to the inode results in reduced performance as you chew

How much 'extra stuff' can we pack in before you hit that performance
degradation? Also, can anything be removed as obsolete to make more room?
Is there documentation (aside from existing code) on exactly what is in
the inode block now?

> forks (file:data, file:acl, NT-style) sounds interesting, but is a
> fairly large amount of work. I suppose one could use layering to do
> this--reserve the : character (or something else) and have a file

Gets messy when dealing with shared file systems.

> direct block pointers. Adding a new block that stores just ACL data
> sounds feasible, but removes the simplicity of the whole thing

This seems like the simplest approach, as most of the added work is
at least straightforward and not technically tricky.

My $.03

-coranth

---------------------------------------+----------------------------
Coranth Gryphon                        | Work Phone: 561-912-2497
Chief Architect, Hiway Technologies    | #include
---------------------------------------+----------------------------
When all else fails, do the impossible.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message