Date: Fri, 22 Oct 1999 00:01:05 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>, hackers@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Finer-grained securelevel: proof of concept Message-ID: <6076.940543265@critter.freebsd.dk> In-Reply-To: Your message of "Thu, 21 Oct 1999 08:41:28 EDT." <Pine.BSF.3.96.991021083426.46884A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.3.96.991021083426.46884A-100000@fledge.watson.org>, Robert Watson writes: >On 21 Oct 1999, Dag-Erling Smorgrav wrote: > >> Patches are available from http://www.freebsd.org/~des/. This is >> strictly proof-of-concept; the patches demonstrate that fine-grained >> security knobs can be implemented with minimal code impact. No >> documentation is provided, RTFS. > >Very clean, pretty, etc -- only one object: I have been talking to a lot of people over here, and one common thing seems to be that they want to be able to set these things differently on a "per jail" basis. I actually think we should not get into the jail thing, but rather make them inheritable like other credentials, so the structure containing the stuff should hang of the proc structure, and hey wait, we already have this "struct ucred" hanging there. -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6076.940543265>