From owner-freebsd-security Wed Mar 12 07:43:49 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA20602 for security-outgoing; Wed, 12 Mar 1997 07:43:49 -0800 (PST) Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id HAA19656; Wed, 12 Mar 1997 07:32:54 -0800 (PST) Received: by halloran-eldar.lcs.mit.edu; (5.65v3.2/1.1.8.2/19Aug95-0530PM) id AA18955; Wed, 12 Mar 1997 10:32:48 -0500 Date: Wed, 12 Mar 1997 10:32:48 -0500 From: Garrett Wollman Message-Id: <9703121532.AA18955@halloran-eldar.lcs.mit.edu> To: Guido van Rooij Cc: freebsd-security@freebsd.org, core@freebsd.org Subject: Re: NFS security issue... In-Reply-To: <9703121525.AA18864@halloran-eldar.lcs.mit.edu> References: <19970312011954.205.qmail@char-star.rdist.org> <199703121303.OAA19396@gvr.win.tue.nl> <9703121525.AA18864@halloran-eldar.lcs.mit.edu> Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk < Except, of course, that it doesn't belong under net, it belongs under > [v]fs.nfs. At this point, you may want to fix P-HK's breakage of > sysctl variables for LKM filesystems. One thing I forgot to mention... I am right now contemplating changing the socket interface to pass user credentials down to pru_bind(). This could be used, for example, to provide a more sophisticated access-control model for local port numbers (like blocking user attempts to bind to port 2049). Hopefully we can get rid of SS_PRIV completely... -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick