From: Darren Reed
Subject: Re: bsd securelevel patch question
To: rotel@indigo.ie
Date: Fri, 3 Jul 1998 03:51:27 +1000 (EST)
Cc: easmith@beatrice.rutgers.edu, dg@root.com, security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com
In-Reply-To: <199807021331.OAA00656@indigo.ie> from "Niall Smart" at Jul 2, 98 02:31:18 pm

In some mail from Niall Smart, sie said:
>
> What's wrong with a /dev/socket/tcp/XYZ acl type scheme? If the
> process has permission to read /dev/socket/tcp/83 then they can
> bind to port 83, you could make it a procfs type filesystem so all
> the ACL information was in memory for speed. Then you've got to
> save/restore state though.

you already have /dev/socket/tcp/XYZ using portals. why reinvent that
wheel again? you (and others) seem very keen on doing this. maybe you
should do some more research about what's around now before taking this
much further.

darren