From: Gerhard Sittig
To: freebsd-security@FreeBSD.ORG
Subject: Re: kern.securelevel and X
Date: Mon, 18 Oct 1999 20:41:28 +0200
Message-ID: <19991018204128.G27109@speedy.gsinet>

On Mon, Oct 18, 1999 at 10:56 +0200, Dag-Erling Smorgrav wrote:
> [ ... ]
>
> + if (securelevel > 3)
> + return (EPERM);
>
> [ ... ]
>
> I'm starting to think that secure levels should be implemented as
> bitmasks, with one bit for each operation or group of operations to be
> allowed or denied (0 = allow, 1 = deny). The if statement above could
> be rewritten as:
>
>     if (securemask & SEC_MOUNT)
>         return (EPERM);

... which sounds to me very much like capabilities ...

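Review bot: the threshold in `if (securelevel > 3)` is a bare literal, and because the comparison is `>` rather than `>=`, the EPERM return only takes effect at level 4 and above. A named constant for that level, plus a one-line comment saying which operation is denied there, would let a reader check the intent without the elided context.
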
> Using a simple bitmask might be too simple though (it would restrict
> us to 32 or 64 distinct operations), so we might want to hide the
> actual implementation behind a function call or macro:
>
>     if (!sec_permitted(SEC_MOUNT))
>         return (EPERM);

and this one does for sure :>

I'm not that familiar with FBSD, but it sounds like one usually has a
certain set of capabilities which reduces in a determined way when
raising the securelevel. So on the way to a higher level one even might
lose the ability to grant some privileges.

virtually yours - Gerhard Sittig
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
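
Added example (not part of the original mail and not FreeBSD kernel code): a userspace C model of the deny-bit mask and the `sec_permitted()` accessor proposed in the quoted text, including the point that a higher level can take away the ability to grant privileges back. `SEC_MOUNT`, `securemask` and `sec_permitted` are the mail's names; the other bits, `sec_setmask`, `sec_setlevel`, `mount_check` and the level table are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Deny bits (0 = allow, 1 = deny). SEC_MOUNT is the name used in the
 * mail; the other bits are hypothetical. */
#define SEC_MOUNT   (1u << 0)
#define SEC_KLD     (1u << 1)   /* hypothetical: load kernel modules */
#define SEC_RAWDISK (1u << 2)   /* hypothetical: write to raw disks */
#define SEC_GRANT   (1u << 31)  /* hypothetical: clear any deny bit */

static uint32_t securemask;     /* zero at start: everything allowed */

/* Callers go through this, so the mask can later outgrow one word. */
int sec_permitted(uint32_t op) { return (securemask & op) == 0; }

/* Adding deny bits always works. Clearing one needs SEC_GRANT to be
 * permitted, so once SEC_GRANT is denied the mask can only grow. */
int sec_setmask(uint32_t newmask)
{
    if ((securemask & ~newmask) != 0 && !sec_permitted(SEC_GRANT))
        return EPERM;
    securemask = newmask;
    return 0;
}

/* Constructed level table: each level denies a superset of the one
 * below; level 4 stands in for the mail's "securelevel > 3" check. */
static const uint32_t level_mask[] = {
    0, SEC_KLD, SEC_KLD | SEC_RAWDISK,
    SEC_KLD | SEC_RAWDISK | SEC_GRANT,
    SEC_KLD | SEC_RAWDISK | SEC_GRANT | SEC_MOUNT,
};

int sec_setlevel(unsigned level)
{
    if (level >= sizeof(level_mask) / sizeof(level_mask[0]))
        return EINVAL;
    return sec_setmask(level_mask[level]);
}

/* The check from the mail, written against the accessor. */
int mount_check(void) { return sec_permitted(SEC_MOUNT) ? 0 : EPERM; }

int main(void)
{
    int up = sec_setlevel(4), mnt = mount_check(), down = sec_setlevel(2);
    printf("raise=%d mount=%d lower=%d\n", up, mnt, down);
    return 0;
}
```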