From: "David P. Reese Jr."
To: Juli Mallett
Cc: hackers@freebsd.org
Date: Tue, 24 Sep 2002 01:09:14 -0700
Subject: Re: Just a wild idea
Message-ID: <20020924080914.GA2870@tombstone.localnet.gomerbud.com>
In-Reply-To: <20020923023031.D7466-100000@coredump.scriptkiddie.org>
References: <013f01c2320d$10ceff00$6401a8c0@dchristenson>

On Mon, 23 Sep, 2002, Lamont Granquist wrote:
>> Maybe just replace all suser(9) uses with MAC credential checks, and
>> install MAC_UNIX by default, which would be set up to behave like
>> ye olden UNIX... Who knows.
>
> Something like that sounds like a really good idea. I'd like to see this
> not only for binding to low ports but also, for example, to set the system
> time -- this would let you run ntpd as non-root.
>
> It'd be interesting to have a system one day where once you've gone past
> single user mode, root drops all its privs and acts just like a normal
> user account and daemon accounts only have special privs handed out to
> them in little chunks.

This is starting to sound a bit too much like Plan9. Here is a very short
snippet on filesystem permissions from the document at:

http://plan9.bell-labs.com/wiki/plan9/KFS_file_system_configuration/index.html

[snip]
There is no super-user; the closest equivalent is the person who booted the
terminal (generically called Eve; Adm owns the file server). Most devices are
owned by Eve, and the local kernel will let Eve do most things commonly
associated with a super-user (for example, debug or kill processes she
doesn't own). Eve's power does not extend past the local machine, though, or
even into the kfs file system. The important difference is that the kfs file
system is being provided by a user process, which has its own permissions
checking separate from the kernel, and it does not care to let the hostowner
have special permissions directly.
[snip]

--
David P. Reese Jr.                                      daver@gomerbud.com
--------------------------------------------------------------------------
C          You shoot yourself in the foot.
Assembler  You try to shoot yourself in the foot, only to discover you must
           first invent the gun, the bullet, the trigger, and your foot.
                                              How to Shoot Yourself in the Foot
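The thread contrasts three privilege models: the classic all-or-nothing suser(9) check, a MAC_UNIX-style policy that keeps uid 0 omnipotent so existing daemons keep working, and the stricter world Lamont sketches where root becomes an ordinary user after boot and daemons such as ntpd receive only the privilege they need. The following C model, added here as an illustration and not code from FreeBSD, the MAC framework or anyone on the thread, shows how a per-operation privilege mask on the credential makes that possible. The privilege names (PRIV_BIND_LOWPORT, PRIV_SETTIME, PRIV_KILL_ANY), the ucred layout and the daemon uid 123 are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed for this example: one bit per privileged operation, so
 * privileges can be handed out in small chunks instead of "is root?". */
enum priv {
    PRIV_BIND_LOWPORT = 1u << 0,   /* bind(2) to a port below 1024      */
    PRIV_SETTIME      = 1u << 1,   /* settimeofday(2) / adjtime(2)      */
    PRIV_KILL_ANY     = 1u << 2,   /* signal processes owned by others  */
    PRIV_ALL          = PRIV_BIND_LOWPORT | PRIV_SETTIME | PRIV_KILL_ANY
};

/* Illustrative credential, not the kernel's struct ucred. */
struct ucred {
    uint32_t uid;
    uint32_t privs;   /* fine-grained privilege mask carried by the credential */
};

static struct ucred make_cred(uint32_t uid, uint32_t privs) {
    struct ucred cr = { .uid = uid, .privs = privs };
    return cr;
}

/* Classic suser()-style check: uid 0 may do anything, everyone else nothing.
 * The operation being attempted does not even enter into it. */
static bool suser_check(struct ucred cr) {
    return cr.uid == 0;
}

/* "MAC_UNIX"-style policy: behaves like ye olden UNIX by treating uid 0 as
 * holding every privilege, while still honouring chunks granted to others. */
static bool mac_unix_check(struct ucred cr, enum priv p) {
    return cr.uid == 0 || (cr.privs & p) == p;
}

/* Strict policy from the thread: past single-user mode uid 0 is an ordinary
 * user; only explicitly granted privileges count, for root included. */
static bool mac_strict_check(struct ucred cr, enum priv p) {
    return (cr.privs & p) == p;
}

/* Grant one privilege chunk to a credential, e.g. when a daemon is started. */
static struct ucred cred_grant(struct ucred cr, enum priv p) {
    cr.privs |= p;
    return cr;
}

/* Simulated ntpd: it needs PRIV_SETTIME and nothing else. Returns whether
 * the chosen policy would let it step the clock. */
static bool ntpd_set_time(struct ucred cr, bool strict) {
    return strict ? mac_strict_check(cr, PRIV_SETTIME)
                  : mac_unix_check(cr, PRIV_SETTIME);
}

int main(void) {
    struct ucred root = make_cred(0, 0);
    struct ucred ntp  = cred_grant(make_cred(123, 0), PRIV_SETTIME); /* constructed uid */

    printf("suser:    ntpd (uid 123) may set time? %d\n", suser_check(ntp));
    printf("MAC_UNIX: ntpd may set time?           %d\n", ntpd_set_time(ntp, false));
    printf("MAC_UNIX: ntpd may kill any process?   %d\n", mac_unix_check(ntp, PRIV_KILL_ANY));
    printf("strict:   ntpd may set time?           %d\n", ntpd_set_time(ntp, true));
    printf("strict:   root may kill any process?   %d\n", mac_strict_check(root, PRIV_KILL_ANY));
    return 0;
}
```

Under suser() the non-root ntpd is refused outright, which is why it has to run as root today; under either MAC-style policy it succeeds with the single PRIV_SETTIME chunk and is still refused PRIV_KILL_ANY, and under the strict policy an ungranted root is refused too. The point of the model is that the check names the operation, so the policy module, not the caller, decides what uid 0 means.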