Date: Mon, 28 Aug 2000 20:54:09 +1100 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: freebsd-security@FreeBSD.ORG, phk@FreeBSD.ORG, green@FreeBSD.ORG
Subject: Re: Review request: replacing p_trespass(), modifications to vaccess()
Message-ID: <Pine.BSF.4.21.0008282029490.11108-100000@besplex.bde.org>
In-Reply-To: <Pine.NEB.3.96L.1000827123021.72392A-100000@fledge.watson.org>
On Sun, 27 Aug 2000, Robert Watson wrote:

> I've put up a patch that makes fairly extensive changes to the structure
> (but hopefully not the semantics) of inter-process authorization checks:
>
> http://www.freebsd.org/~rwatson/p_stuff.diff

Most of this seems reasonable.

> 3) Modify vaccess() so that it is restructured for more careful/ordered
>    use of privilege, and so that capability support can be added more
>    easily. This should be semantically the same from a results
>    perspective, but it is more careful to do a discretionary access
>    check before falling back in privilege, et al. As such, the KSU

ASU?

>    accounting bit will now be set correctly in vaccess() for processes
>    running as uid 0, if they use privilege to access a file rather
>    than discretionary rights.

vaccess() currently intentionally doesn't set ASU, since checking for
access doesn't require any privilege. ASU should only be set if
privileged access is used, e.g., upon successful completion of an open(2)
call that needed privilege to succeed, but never for access(2).

Bruce

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
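
The distinction discussed in this message, as an added example that is not part of the original e-mail and is not FreeBSD's code: a user-space model in which the check reports whether privilege was needed, and only an open(2)-like caller records it. All names, the `MODEL_ASU` value, and the "uid 0 is the only privilege" rule are assumptions made for the illustration.

```c
#include <stdbool.h>
/* Simplified user-space model; every name here is hypothetical, not FreeBSD's. */
enum { WANT_EXEC = 1, WANT_WRITE = 2, WANT_READ = 4 };
#define MODEL_ASU 0x1u  /* stand-in for the "used superuser privilege" accounting bit */
struct model_cred { unsigned uid, gid; };
struct model_attr { unsigned uid, gid, mode; };        /* mode: e.g. 0640 */
struct model_proc { struct model_cred cred; unsigned acflag; };
struct decision   { bool allowed, used_privilege; };

/* Pure check: discretionary bits first, privilege only as a fallback; records nothing. */
static struct decision model_vaccess(const struct model_attr *a,
                                     const struct model_cred *c, unsigned want)
{
    unsigned shift = (c->uid == a->uid) ? 6 : (c->gid == a->gid) ? 3 : 0;
    unsigned granted = (a->mode >> shift) & 7u;
    struct decision d = { false, false };
    if ((granted & want) == want) {
        d.allowed = true;                 /* discretionary rights suffice */
    } else if (c->uid == 0) {
        d.allowed = true;                 /* fell back to privilege */
        d.used_privilege = true;
    }
    return d;
}

/* access(2)-like query: only asks the question, so it never sets the bit. */
static bool model_access(struct model_proc *p, const struct model_attr *a, unsigned want)
{
    return model_vaccess(a, &p->cred, want).allowed;
}

/* open(2)-like operation: sets the bit only when it succeeded through privilege. */
static bool model_open(struct model_proc *p, const struct model_attr *a, unsigned want)
{
    struct decision d = model_vaccess(a, &p->cred, want);
    if (d.allowed && d.used_privilege)
        p->acflag |= MODEL_ASU;
    return d.allowed;
}

int main(void)
{
    struct model_attr f = { 1000, 1000, 0600 };   /* constructed sample file */
    struct model_proc root = { { 0, 0 }, 0 };
    model_access(&root, &f, WANT_READ);           /* acflag stays 0 */
    model_open(&root, &f, WANT_READ);             /* acflag becomes MODEL_ASU */
    return root.acflag == MODEL_ASU ? 0 : 1;
}
```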