Date: Fri, 12 Mar 1999 20:32:28 -0600 (CST)
From: David Scheidt
To: Robert Watson
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture

On Fri, 12 Mar 1999, Robert Watson wrote:

:The Solaris folk now appear to have ACL support in the base OS install +
:FS.  Where did they find the space to store the ACLs?  Adding any more

HP/UX 10.x does ACLs with a second inode per file with ACL. There is a
pointer to the ACL-inode at the end of the normal inode. I think the
reasoning is that most files will have a NULL ACL, defaulting to standard
UNIX permissions, and so the overhead of fetching and writing an additional
block, synchronously, is not excessive. newfs_hfs(1m) warns to allocate
extra inodes if ACLs are going to be used much. This is according to the
inode(4) man page, as I haven't got HP/UX source. If I had, I would have a
system that I could log into the console on.

David Scheidt
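
The layout described in the message above, as an added example that is not part of the original post and is not HP-UX code: a simplified C model in which the last field of the inode points to a separate ACL inode, and a zero pointer falls back to the standard UNIX mode bits. All struct and function names, the wildcard value, the first-match rule and the fail-closed handling of a bad pointer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model for illustration; not HP-UX's real on-disk layout.
   Every name here is hypothetical. */
#define NO_ACL    0u            /* acl_ino value meaning "no ACL inode" */
#define ANY_ID    0xFFFFFFFFu   /* wildcard uid/gid in an ACL entry */
#define ACL_SLOTS 8u
#define ACL_MAX   4u

struct acl_entry { uint32_t uid, gid; uint8_t perms; };  /* perms: r=4 w=2 x=1 */
struct acl_inode { size_t n; struct acl_entry e[ACL_MAX]; };
struct inode {
    uint32_t uid, gid;
    uint16_t mode;      /* classic owner/group/other bits */
    uint32_t acl_ino;   /* pointer to the ACL inode, at the end of the inode */
};

/* Constructed in-memory "disk" plus a counter of additional inode reads. */
static struct acl_inode acl_table[ACL_SLOTS];
static unsigned extra_reads;

static const struct acl_inode *read_acl_inode(uint32_t ino) {
    extra_reads++;                       /* the extra fetch an ACL costs */
    return ino < ACL_SLOTS ? &acl_table[ino] : NULL;
}

/* Returns 1 if (uid, gid) holds every bit in want, else 0. */
int may_access(const struct inode *ip, uint32_t uid, uint32_t gid, uint8_t want) {
    if (ip->acl_ino != NO_ACL) {
        const struct acl_inode *a = read_acl_inode(ip->acl_ino);
        if (a == NULL)
            return 0;                    /* corrupt pointer: fail closed */
        for (size_t i = 0; i < a->n && i < ACL_MAX; i++) {
            const struct acl_entry *e = &a->e[i];
            if ((e->uid == uid || e->uid == ANY_ID) &&
                (e->gid == gid || e->gid == ANY_ID))
                return (e->perms & want) == want;  /* first match decides */
        }
    }
    /* NULL ACL or no matching entry: standard UNIX permission check. */
    unsigned shift = (uid == ip->uid) ? 6 : (gid == ip->gid) ? 3 : 0;
    return (((unsigned)ip->mode >> shift) & 7u & want) == want;
}
```

Files with a NULL ACL never touch `read_acl_inode`, so `extra_reads` stays at zero for them; only files that carry an ACL pay for the second inode.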