Date: Fri, 15 Sep 2006 09:33:55 +0100
From: Ceri Davies
To: Robert Watson
Cc: arch@FreeBSD.org, trustedbsd-discuss@TrustedBSD.org
Subject: Re: New in-kernel privilege API: priv(9)
Message-ID: <20060915083355.GK93949@submonkey.net>
In-Reply-To: <20060913194559.U53301@fledge.watson.org>
References: <20060913150912.J1823@fledge.watson.org> <20060913184115.GE93949@submonkey.net> <20060913194559.U53301@fledge.watson.org>

On Wed, Sep 13, 2006 at 09:28:24PM +0100, Robert Watson wrote:
> A couple of points:
>
> First, the system present in Solaris is, in effect, a variant of some draft
> of POSIX.1e (or possibly vice versa), albeit with differently named
> constants. All the comments I made regarding POSIX.1e apply to it.
> Specifically, the priv(9) kernel API offers much more fine-grained
> assignment of rights relating to system administration, etc, corresponding
> specifically to the set of privileges defined in our kernel.

Agreed.

> Second, privileges(5) describes an alternative privilege model exposed to
> userspace, whereas the work I've described is an in-kernel API for
> privilege checking. It doesn't imply (or, for that matter, implement) a
> change in the OS privilege model, although clearly it would facilitate
> doing that in the future. Since priv(9) is not an application API, it's
> not clear that application portability is an immediate concern.

That's the difference I was looking for, thanks.

> I think it's useful to compare the Solaris privilege set, and also consider
> whether in the future we want to adopt a privilege model along similar
> lines. However, given that the privilege models across various UNIX and
> non-UNIX systems are all similar and yet completely different, I'm not sure
> that being similar and yet different from Solaris is particularly a problem
> -- more, say, than being similar but different from IRIX, Linux, Windows,
> etc.

True enough. Thanks.

Ceri

-- 
That must be wonderful! I don't understand it at all.
                                                  -- Moliere