From: Ceri Davies
To: Robert Watson
Cc: arch@FreeBSD.org, trustedbsd-discuss@TrustedBSD.org
Date: Wed, 13 Sep 2006 19:41:16 +0100
Subject: Re: New in-kernel privilege API: priv(9)
Message-ID: <20060913184115.GE93949@submonkey.net>
In-Reply-To: <20060913150912.J1823@fledge.watson.org>

On Wed, Sep 13, 2006 at 03:29:14PM +0100, Robert Watson wrote:
> What does this all mean in practice?
> It means replacing suser(9) and
> suser_cred(9) with calls that express the specific privilege being checked
> for.  I took the most straightforward possible implementation: I reviewed
> all privilege checks in the kernel, identified all identical privileges and
> categorized all privileges by subsystem.  I then assigned unique numeric
> constants to each unique privilege, and added a privilege identifier
> argument to the two new functions, priv_check(9) and priv_check_cred(9).

Is this wilfully different from the privileges(5) model in Solaris 10
(http://docs.sun.com/app/docs/doc/816-5175/6mbba7f3b?a=view)?

It seems that there would be some benefit in having at least a minimal
common API and set of privilege names, not least to help with issues
such as that raised in
http://issues.apache.org/bugzilla/show_bug.cgi?id=34671.

Having only just started to look over your work, I'll be happy to be put
straight if we're talking about completely different things, but on the
surface they're looking very similar.

Ceri

-- 
That must be wonderful!  I don't understand it at all.
                                                  -- Moliere