From: Andrew Reiter
Date: Tue, 20 Jun 2000 18:48:28 -0400 (EDT)
To: James Howard
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Network ACLs

Imo, it's not too difficult to add ACLs via a kernel hack or via a KLD
and then setting a higher securelevel. The socket syscall gets passed a
struct proc *p [like all other syscalls], and therefore one can check
uid, euid, etc etc etc... and do a hack in this manner.

Andrew

On Tue, 20 Jun 2000, James Howard wrote:

|I know that the TrustedBSD group is working on filesystem ACLs. Will
|something similar be extended to the socket interface?
|
|Thanks, Jamie

---------------------------------------------------------
Andrew Reiter
Computer Security Engineer

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
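The check described in the message above, as an added example that is not part of the original post and is not FreeBSD code: a userland model of a replacement socket handler that consults an ACL before calling the saved original. The k* structs, the M_* constants, the rule table, try_socket() and the policy that both real and effective uid must pass are assumptions of this example; only the p_ucred and cr_uid field names follow the kernel.

```c
/* Userland model: the k* structs are simplified stand-ins, not kernel headers. */
#include <errno.h>
#include <sys/types.h>

enum { ANY = -1, M_AF_INET = 2, M_SOCK_STREAM = 1, M_SOCK_RAW = 3 };
struct kucred { uid_t cr_uid; };                          /* effective uid */
struct kproc { uid_t p_ruid; struct kucred *p_ucred; };   /* models struct proc */
struct socket_args { int domain, type, protocol; };
typedef int (*sy_call_t)(struct kproc *, struct socket_args *);
struct sock_acl { long uid; int domain, type, allow; };

/* Constructed policy: first match wins, no match means deny. */
static const struct sock_acl acl[] = {
    { 0,    ANY,       ANY,           1 },   /* root: any socket */
    { ANY,  M_AF_INET, M_SOCK_RAW,    0 },   /* everyone else: no raw IP */
    { 1001, M_AF_INET, M_SOCK_STREAM, 1 },   /* uid 1001: TCP only */
};

static int acl_allows(uid_t uid, int domain, int type)
{
    for (size_t i = 0; i < sizeof(acl) / sizeof(acl[0]); i++) {
        const struct sock_acl *r = &acl[i];
        if ((r->uid == ANY || (uid_t)r->uid == uid) &&
            (r->domain == ANY || r->domain == domain) &&
            (r->type == ANY || r->type == type))
            return r->allow;
    }
    return 0;
}

static int stub_socket(struct kproc *p, struct socket_args *a) { (void)p; (void)a; return 0; }
static sy_call_t orig_socket = stub_socket;  /* stub stands in for the saved handler */

/* Replacement handler: real and effective uid must both pass (example policy). */
static int acl_socket(struct kproc *p, struct socket_args *uap)
{
    if (!acl_allows(p->p_ucred->cr_uid, uap->domain, uap->type) ||
        !acl_allows(p->p_ruid, uap->domain, uap->type))
        return EPERM;
    return orig_socket(p, uap);
}

int try_socket(uid_t ruid, uid_t euid, int domain, int type)
{
    struct kucred cr = { euid };
    struct kproc p = { ruid, &cr };
    struct socket_args a = { domain, type, 0 };
    return acl_socket(&p, &a);
}
```

Checking the real uid as well as the effective one means a setuid-root binary started by uid 1001 is still refused a raw socket under this policy.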