From owner-freebsd-current Mon Dec 16 14:46:56 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id OAA10381 for current-outgoing; Mon, 16 Dec 1996 14:46:56 -0800 (PST) Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id OAA10368 for ; Mon, 16 Dec 1996 14:46:52 -0800 (PST) Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id PAA02231; Mon, 16 Dec 1996 15:45:12 -0700 From: Terry Lambert Message-Id: <199612162245.PAA02231@phaeton.artisoft.com> Subject: Re: Plan for integrating Secure RPC -- comments wanted To: phk@critter.tfs.com (Poul-Henning Kamp) Date: Mon, 16 Dec 1996 15:45:12 -0700 (MST) Cc: wpaul@skynet.ctr.columbia.edu, current@freebsd.org In-Reply-To: <11680.850740486@critter.tfs.com> from "Poul-Henning Kamp" at Dec 16, 96 01:48:06 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > read it, and here are my comments: > > For the DES pollution: > > Put DES in the kernel. > > This could be as an LKM, which would be the easiest, or as > a proper kernel-source file, which would be slightly harder > to manage distributions-wise. > > Result: > * You avoid your planned hack. > * We could do away with the two versions if libcrypt we have > now, and collapse them into one. > * Which makes the dual versions of /bin/ed, /sbin/init ... > unneeded. > * Our secure dist would consist of only the LKM file. > > Drawback: > * Minor optional kernel bloat. If this becomes the "official" approach, then may I suggest /dev/des (ala SunOS) instead of a system call? This would: * Avoid system call space pollution * Allow use of DES hardware if you had it and had a driver Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.