Date: Sun, 3 Feb 2008 21:35:02 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 134744 for review Message-ID: <200802032135.m13LZ2Gq060611@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=134744 Change 134744 by rwatson@rwatson_freebsd_capabilities on 2008/02/03 21:34:40 Update TODO list, a few things are done, but more needs doing. Affected files ... .. //depot/projects/trustedbsd/capabilities/TODO#2 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/TODO#2 (text+ko) ==== @@ -5,22 +5,17 @@ High-level TODO list: -- New file descriptor type "capability" that allows restricting the rights - associated with more general file descriptor rights. cap_new(2) creates - a capability from an existing file descriptor and requested rights mask. - -- New execution mode "capability mode", in which access to objects is done - [almost] entirely through file descriptors or capabilities. cap_enter() - enters this mode. - -- Implement fexec(2), so that new programs can be launched in capability - mode. - - Implement capfs(3), a library service to provide subsetted file access to a capability mode process, such as read capabilities on certain global or user databases, libraries, etc, with a POSIX interface within the capability mode process. +- Implement scoping for pid-based system calls, tracking a new "inheritence" + relationship to authorize such calls. Unclear what the most efficient way + to do this is, but it only matters for processes actually in capability + mode so won't affect general performance, just capability mode performance + until optimizations are found. + - man pages for system calls - ... bigger and better things ...
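Review bot: the new bullet on scoping pid-based system calls leaves the security-relevant part undefined while dwelling on performance: it never says what the "inheritence" relationship actually authorizes (only direct children, or all descendants; and whether the relationship survives an intermediate process exiting or being reparented), and that is what decides which processes a capability-mode process can signal, trace or wait on. Suggest rewording the bullet to pin that down before the efficiency question, e.g. `- Implement scoping for pid-based system calls, tracking a new "inheritance" relationship (a process and its descendants) to authorize such calls;`, and fix the spelling "inheritence" to "inheritance". Separately, the hunk drops the cap_new(2), cap_enter() and fexec(2) bullets as done but keeps `- man pages for system calls` unchanged; since those three interfaces were the only ones named in this file, consider listing them under the man page bullet so the remaining documentation work stays concrete.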
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200802032135.m13LZ2Gq060611>