From owner-freebsd-security Fri Mar 12 9: 6:34 1999
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (unknown [204.68.178.33])
    by hub.freebsd.org (Postfix) with ESMTP id 000F814CE4
    for ; Fri, 12 Mar 1999 09:06:29 -0800 (PST)
    (envelope-from wes@softweyr.com)
Received: from softweyr.com (wes@zaphod.softweyr.com [204.68.178.35])
    by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id KAA03602;
    Fri, 12 Mar 1999 10:05:11 -0700 (MST)
    (envelope-from wes@softweyr.com)
Message-ID: <36E94946.5DFC60DF@softweyr.com>
Date: Fri, 12 Mar 1999 10:05:10 -0700
From: Wes Peters
Organization: Softweyr llc
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Fernando Schapachnik
Cc: robert+freebsd@cyrus.watson.org, dillon@apollo.backplane.com, andrewr@slack.net, archie@whistle.com, andrew@squiz.co.nz, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
References: <199903121509.MAA19155@ns1.sminter.com.ar>
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Fernando Schapachnik wrote:
>
> In a previous message, Robert Watson wrote:
> [...]
> > The Solaris folk now appear to have ACL support in the base OS install +
> > FS.  Where did they find the space to store the ACLs?  Adding any more
>
> I think they store it sacrificing 3rd. level indirection, but I'm not sure.

I'd guess the direct blocks instead, because they won't have (much) effect
on the file size. Lemme look...

Nope, it doesn't look like the ACL information is referenced in the disk
inode. They must store it somewhere else on the volume. Weird.

My suggestion for FreeBSD would be to steal half of the disk direct blocks
in the disk inode for ACL information. Each ACL needs to have a uid_t
(potentially a gid_t), a user/group type bit, and 3 bits of permissions.
The way you apply rules is first, any ACL with an exact match for UID is
highest priority. Second, any ACL with an exact match for GID. Last,
apply the standard UNIX permission rules.

You'll need a unique pattern of file type bits that signifies this is an
ordinary file with an ACL.

I haven't considered interactions between this and NFS, because you'll
never use NFS in a C2 environment.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                          Softweyr LLC
http://www.softweyr.com/~softweyr           wes@softweyr.com
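
The rule order described in the message above (exact UID entry first, then GID entry, then the standard UNIX permission bits), sketched in C as an added example that is not part of the original message. The struct layouts, all names, the sample values, and the choice to let the first matching group entry win are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical layout: id, user/group type bit, 3 permission bits (r=4 w=2 x=1). */
struct acl_entry { uint32_t id; uint8_t is_group; uint8_t perms; };
struct file_meta { uint32_t uid, gid; uint16_t mode;
                   const struct acl_entry *acl; size_t nacl; };
struct cred { uint32_t uid; const uint32_t *groups; size_t ngroups; };

static int in_group(const struct cred *c, uint32_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return 1;
    return 0;
}

/* Permission bits granted to c on f, using the precedence from the message. */
unsigned acl_perms(const struct file_meta *f, const struct cred *c)
{
    for (size_t i = 0; i < f->nacl; i++)      /* 1. exact UID match wins */
        if (!f->acl[i].is_group && f->acl[i].id == c->uid)
            return f->acl[i].perms & 7;
    for (size_t i = 0; i < f->nacl; i++)      /* 2. GID match (first hit: assumption) */
        if (f->acl[i].is_group && in_group(c, f->acl[i].id))
            return f->acl[i].perms & 7;
    if (c->uid == f->uid) return (f->mode >> 6) & 7;    /* 3. standard UNIX rules */
    if (in_group(c, f->gid)) return (f->mode >> 3) & 7;
    return f->mode & 7;
}

int acl_allows(const struct file_meta *f, const struct cred *c, unsigned want)
{
    return (acl_perms(f, c) & want) == want;
}

/* Constructed sample data: a mode 0644 file (owner 100, group 10), two ACL entries. */
static const struct acl_entry sample_acl[] = { {200, 0, 6}, {50, 1, 0} };
static const struct file_meta sample_file = { 100, 10, 0644, sample_acl, 2 };
static const uint32_t g50[] = { 50 }, g10[] = { 10 };
static const struct cred sample_users[] = {
    { 200, g50, 1 },   /* UID entry (rw-) takes priority over the GID entry */
    { 300, g50, 1 },   /* GID entry grants nothing, although "other" has r-- */
    { 400, g10, 1 } }; /* no ACL match: falls through to the group mode bits */
int main(void)
{
    for (size_t i = 0; i < 3; i++)
        printf("uid %u -> perms %u\n", (unsigned)sample_users[i].uid, acl_perms(&sample_file, &sample_users[i]));
    return 0;
}
```

Because a matching entry is final, an ACL entry under this ordering can grant less than the mode bits would, as the second sample user shows.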