From owner-freebsd-arch Mon Oct 18 21:28:20 1999
Delivered-To: freebsd-arch@freebsd.org
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (Postfix) with ESMTP id 771C115CE3 for ; Mon, 18 Oct 1999 21:28:17 -0700 (PDT) (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.3/8.9.3) with ESMTP id GAA01406 for ; Tue, 19 Oct 1999 06:28:15 +0200 (CEST)
Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id GAA81864 for freebsd-arch@freebsd.org; Tue, 19 Oct 1999 06:28:15 +0200 (MET DST)
Received: from alcanet.com.au (border.alcanet.com.au [203.62.196.10]) by hub.freebsd.org (Postfix) with ESMTP id BED6415CE3 for ; Mon, 18 Oct 1999 21:28:06 -0700 (PDT) (envelope-from jeremyp@gsmx07.alcatel.com.au)
Received: by border.alcanet.com.au id <40352>; Tue, 19 Oct 1999 14:23:41 +1000
Content-return: prohibited
Date: Tue, 19 Oct 1999 14:27:48 +1000
From: Peter Jeremy
Subject: Re: kern.securelevel and X
In-reply-to:
To: freebsd-arch@freebsd.org
Reply-To: peter.jeremy@ALCATEL.COM.AU
Message-Id: <99Oct19.142341est.40352@border.alcanet.com.au>
MIME-version: 1.0
X-Mailer: Mutt 1.0pre3i
Content-type: text/plain; charset=us-ascii
References: <14343.23571.679909.243732@blm30.IRO.UMontreal.CA> <19991017012750.A812@fever.semiotek.com> <380A1E2C.CCA326F5@gorean.org> <19991018024704.A512@semiotek.com> <19991018043039.B1711@semiotek.com> <19991018142633.D1DDB1DA3@bone.nectar.com>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 1999-Oct-19 00:49:00 +1000, Dag-Erling Smorgrav wrote:
>What EE suggested was to define a new SYSCTL macro to make defining
>new security sysctls trivial.  You'd do something like this:
>
>static int sec_syscall_mount = 1;
>SYSCTL_SECURITY(mount, &sec_syscall_mount, "Allow mounting filesystems");

The disadvantage of this approach is kernel bloat: each sysctl adds
around 50 bytes of data overhead on an i386 (and about twice this on an
Alpha).  A single bitmap (which could still be a sysctl) of allowed
syscalls would be substantially smaller and allow most of the permission
checking inside trap.c:syscall().  (I agree that the userland would be
more complex, but that isn't permanently resident).

Peter
--
Peter Jeremy (VK2PJ)                    peter.jeremy@alcatel.com.au
Alcatel Australia Limited
41 Mandible St                          Phone: +61 2 9690 5019
ALEXANDRIA  NSW  2015                   Fax:   +61 2 9690 5982

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
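The following is an added illustration of the bitmap alternative sketched in the message above; it is not code from this thread or from the FreeBSD kernel. It keeps one "allowed" bit per syscall number in a fixed array, puts the single check where the message proposes it (at the front of syscall dispatch, before the sysent[] lookup), and exposes the whole map as one sysctl-style setter. The syscall numbers, SEC_NSYSCALLS, the SEC_* error codes and the function names are hypothetical. The rule that bits may only ever be cleared (so a later write cannot re-enable a syscall until reboot) is an assumption modelled on securelevel's one-way semantics, not something the message specifies.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical sizes and syscall numbers for the demo (not FreeBSD's). */
#define SEC_NSYSCALLS 512
#define SEC_WORDBITS  64
#define SEC_NWORDS    ((SEC_NSYSCALLS + SEC_WORDBITS - 1) / SEC_WORDBITS)

enum { SYS_mount = 21, SYS_reboot = 55, SYS_settimeofday = 122 };

/* Hypothetical error codes, to keep the example self-contained. */
#define SEC_EPERM  (-1)
#define SEC_EINVAL (-2)

/* Bit set = syscall allowed. 512 syscalls fit in 64 bytes, about the data
 * cost of one or two individual sysctl nodes at the ~50 bytes each quoted
 * in the message. */
static uint64_t sec_allowed[SEC_NWORDS];

size_t sec_bitmap_bytes(void) { return sizeof sec_allowed; }

/* Boot state: everything permitted; restrictions are applied later. */
void sec_init(void) { memset(sec_allowed, 0xff, sizeof sec_allowed); }

int sec_is_allowed(unsigned code)
{
    if (code >= SEC_NSYSCALLS)
        return 0;   /* unknown number: deny, and never index past the map */
    return (int)((sec_allowed[code / SEC_WORDBITS] >> (code % SEC_WORDBITS)) & 1);
}

/* The single check the message proposes placing in trap.c:syscall(),
 * ahead of the sysent[] lookup. Returns 0 to proceed, SEC_EPERM to refuse. */
int syscall_dispatch(unsigned code)
{
    if (!sec_is_allowed(code))
        return SEC_EPERM;
    return 0;       /* a real kernel would now call sysent[code].sy_call */
}

/* Sysctl write handler: the new map is accepted only if it is a subset of
 * the current one, i.e. bits can be cleared but never set again (assumed
 * one-way semantics, mirroring securelevel). */
int sec_sysctl_set(const uint64_t *newmap)
{
    for (size_t i = 0; i < SEC_NWORDS; i++)
        if (newmap[i] & ~sec_allowed[i])
            return SEC_EPERM;   /* attempt to re-enable a syscall */
    memcpy(sec_allowed, newmap, sizeof sec_allowed);
    return 0;
}

/* Userland-side convenience: clear one bit through the handler. */
int sec_disallow(unsigned code)
{
    uint64_t map[SEC_NWORDS];
    if (code >= SEC_NSYSCALLS)
        return SEC_EINVAL;
    memcpy(map, sec_allowed, sizeof map);
    map[code / SEC_WORDBITS] &= ~(UINT64_C(1) << (code % SEC_WORDBITS));
    return sec_sysctl_set(map);
}

/* What a later write that tries to turn a syscall back on gets from the
 * handler: SEC_EPERM if the bit had been cleared, 0 if it was still set. */
int sec_try_reenable(unsigned code)
{
    uint64_t map[SEC_NWORDS];
    if (code >= SEC_NSYSCALLS)
        return SEC_EINVAL;
    memcpy(map, sec_allowed, sizeof map);
    map[code / SEC_WORDBITS] |= UINT64_C(1) << (code % SEC_WORDBITS);
    return sec_sysctl_set(map);
}

int main(void)
{
    sec_init();
    printf("bitmap: %zu bytes for %d syscalls\n", sec_bitmap_bytes(), SEC_NSYSCALLS);
    printf("mount before: %d\n", syscall_dispatch(SYS_mount));   /* 0 */
    sec_disallow(SYS_mount);
    printf("mount after:  %d\n", syscall_dispatch(SYS_mount));   /* -1 */
    printf("re-enable:    %d\n", sec_try_reenable(SYS_mount));   /* -1 */
    return 0;
}
```

The subset test in sec_sysctl_set is the part worth keeping even if the layout changes: without it, the single bitmap is no stronger than a writable per-syscall sysctl, because whoever can write the map can set every bit back.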