Skip site navigation (1)Skip section navigation (2) 
Date:      18 Oct 1999 11:09:09 +0200
From:      Dag-Erling Smorgrav <des@flood.ping.uio.no>
To:        Justin Wells <jread@semiotek.com>
Cc:        freebsd-arch@FreeBSD.ORG
Subject:   Re: kern.securelevel and X
Message-ID:  <xzpogdx2fyi.fsf@flood.ping.uio.no>
In-Reply-To: Dag-Erling Smorgrav's message of "18 Oct 1999 10:56:51 %2B0200"
References:  <XFMail.991015111802.shelton@sentry.granch.ru> <Pine.LNX.4.05.9910150036170.5339-100000@jason.argos.org> <14343.23571.679909.243732@blm30.IRO.UMontreal.CA> <19991017012750.A812@fever.semiotek.com> <380A1E2C.CCA326F5@gorean.org> <19991018024704.A512@semiotek.com> <xzpyad12jd7.fsf@flood.ping.uio.no> <19991018043039.B1711@semiotek.com> <xzpso392gj0.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help 
Dag-Erling Smorgrav <des@flood.ping.uio.no> writes:
> I'm starting to think that secure levels should be implemented as
> bitmasks, with one bit for each operation or group of operation to be
> allowed or denied (0 = allow, 1 = deny). The if statement above could
> be rewritten as:
> 
> 	if (securemask & SEC_MOUNT)
> 		return (EPERM);
> 
> Using a simple bitmask might be too simple though (it would restrict
> us to 32 or 64 distinct operations), so we might want to hide the
> actual implementation behind a function call or macro:
> 
> 	if (!sec_permitted(SEC_MOUNT))
> 		return (EPERM);

I'm thinking this might be -arch material. Do we want to do this? I
think it can be done rather painlessly, and backwards compatibility
with kern.securelevel should be easy to provide.

The same mechanism can be used to implement process- or user-level
capabilities, maybe leading us to merge (the hypothetical)
sec_permitted() with suser(). After all, they're just two different
ways of asking "is this ol' joe even *allowed* to do this?"

DES (patches... must... write... patches...)
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpogdx2fyi.fsf>