From owner-freebsd-security Mon Jul 7 15:48:04 1997
Date: Mon, 7 Jul 1997 15:46:57 -0700 (PDT)
From: Jim Shankland
Message-Id: <199707072246.PAA25097@biggusdiskus.flyingfox.com>
To: robert@cyrus.watson.org
Subject: Re: Security Model/Target for FreeBSD or 4.4?
Cc: security@freebsd.ORG

> > something along the lines of:
> >
> > net.inet.ip.
> >
> > and then using it like
> >
> > sysctl -w net.inet.ip.25=`id smtp`
>
> Unfortunately, that doesn't address the distinction between TCP and UDP
> services.. I'm not sure that is a huge issue, but it seems relevant.

Sure, that should be:

    sysctl -w net.inet.tcp.25=`id smtp`
    sysctl -w net.inet.udp.53=`id named`

or whatever. No biggie.

Of course, we already have a permissions system. Why not:

    -rw-rw---- 1 root smtp Feb 18 09:33 /protocols/inet/tcp/25

Or is that just too weird?

Jim Shankland
Flying Fox Computer Systems, Inc.
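
The file-permission idea in the message above, sketched as an added example (not part of the original message and not FreeBSD code): each port node carries an owner, group and mode, and a bind is checked like a file write. Assumptions: the write bit is what grants bind, ports without a node fall back to the traditional reserved-port rule, and all names, uids and gids are constructed.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Models one entry such as /protocols/inet/tcp/25 (hypothetical layout). */
struct port_node { const char *proto; unsigned short port;
                   uid_t owner; gid_t group; mode_t mode; };
struct cred { uid_t uid; const gid_t *groups; size_t ngroups; };

enum { GID_SMTP = 25, GID_NAMED = 53 };           /* constructed ids */

static const struct port_node nodes[] = {
    { "tcp", 25, 0, GID_SMTP,  0660 },            /* -rw-rw---- root smtp  */
    { "udp", 53, 0, GID_NAMED, 0660 },            /* -rw-rw---- root named */
};

/* Constructed sample credentials: an unprivileged mail daemon and a user. */
static const gid_t mailer_groups[] = { GID_SMTP };
static const gid_t user_groups[]   = { 100 };
const struct cred mailer = { 1001, mailer_groups, 1 };
const struct cred user   = { 1002, user_groups, 1 };

static int in_group(const struct cred *c, gid_t g)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g)
            return 1;
    return 0;
}

/* Returns 1 if the credential may bind proto/port, 0 otherwise. */
int may_bind(const struct cred *c, const char *proto, unsigned short port)
{
    if (c->uid == 0)
        return 1;                                 /* root is unrestricted */
    for (size_t i = 0; i < sizeof nodes / sizeof nodes[0]; i++) {
        const struct port_node *n = &nodes[i];
        if (n->port != port || strcmp(n->proto, proto) != 0)
            continue;                             /* tcp/25 is not udp/25 */
        /* Unix semantics: the first matching class decides, no fall-through. */
        if (c->uid == n->owner)
            return (n->mode & S_IWUSR) != 0;
        if (in_group(c, n->group))
            return (n->mode & S_IWGRP) != 0;
        return (n->mode & S_IWOTH) != 0;
    }
    return port >= 1024;   /* assumption: no node means the old root-only rule */
}
```

Keying the table on protocol as well as port is what answers the TCP/UDP objection quoted in the message: group smtp gets tcp/25 without gaining udp/25.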