From owner-freebsd-hackers  Thu Aug  9 13:15:26 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from postfix.sekt7.org (209-6-248-16.c3-0.lex-ubr1.sbo-lex.ma.cable.rcn.com [209.6.248.16])
	by hub.freebsd.org (Postfix) with ESMTP
	id 98E9C37B407; Thu,  9 Aug 2001 13:15:07 -0700 (PDT)
	(envelope-from ems@open-root.org)
Received: from smtp.sekt7.org (postfix.sekt7.org [169.69.6.38])
	by postfix.sekt7.org (Postfix) with SMTP
	id 53D283A07E; Thu,  9 Aug 2001 16:15:05 -0400 (EDT)
From: Evan Sarmiento <ems@open-root.org>
To: freebsd-hackers@freebsd.org, freebsd-current@freebsd.org
Subject: kernel hooks
Message-Id: <20010809201505.53D283A07E@postfix.sekt7.org>
Date: Thu,  9 Aug 2001 16:15:05 -0400 (EDT)
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Hey,

Like was said in the status report, I am working on the security hooks, I released a preliminary
patch about a week ago, put it into GNATS. No one has reviewed it yet,
I was wondering if someone would be willing to take a look?

http://www.freebsd.org/cgi/query-pr.cgi?pr=29423

I am also writing a paper on it, I'll probably post my first draft, if anyone wants to see it.
So you can get a better idea of what I'm doing.

If you're not up on this, here is a brief description of what I'm doing:

Kernel Security Hooks provide a standard interface for programmers of kernel security
extensions to intercept system calls and other functions. Before, programmers had to wrap
the system call with their own system call, resulting in two copyins. PRFW, the kernel
security hook patch I am addressing in this PR, provides a standard interface for these
uses. It also provides per-pid restrictions, so process X might not be able to use setuid
but process Y might, depending on what restrictions you write.


Thanks a lot,

-- 
-----------------------------------
Evan Sarmiento | www.open-root.org 
ems@sekt7.org  | www.sekt7.org/~ems/
-----------------------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message