Message-Id: <199806250349.UAA08929@implode.root.com>
To: security@FreeBSD.ORG
Subject: Re: bsd securelevel patch question
In-reply-to: Your message of "Wed, 24 Jun 1998 15:37:28 PDT." <199806242237.PAA19784@kithrup.com>
From: David Greenman
Reply-To: dg@root.com
Date: Wed, 24 Jun 1998 20:49:19 -0700

>I think David was talking about using traditional ACL's on files. He wasn't
>terribly clear, however; he also could have meant something like /dev/io
>(which, when you open it, allows you to execute in/out instructions).
>
>I have asked him what kind of priv's he's talking about in general; there are
>some rather obvious ones (PRIV_CHUID, PRIV_IO, etc.), but I suspect he has
>more in mind.

I can imagine that the list could be on the order of 32 large. This is one of the reasons why I don't think that a gid based scheme scales very well. You'd have to do a search through the fairly large group set each time you wanted to check for the capability. Even if we did implement the gid method externally, I still think that the kernel internal representation would be best handled by a privilege mask.

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project
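The trade-off argued in the message above, as an added example that is not part of the original post and is not FreeBSD code: privileges granted externally through gids are folded once into a 32-bit mask, so each later check is a single bit test instead of a walk over the group set. The struct, the gid-to-privilege mapping (`PRIV_GID_BASE`), the numeric values and `PRIV_MOUNT` are assumptions made for illustration; only the names `PRIV_CHUID` and `PRIV_IO` come from the thread.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical numbering; PRIV_MOUNT and all values are constructed. */
enum { PRIV_CHUID = 0, PRIV_IO = 1, PRIV_MOUNT = 2, PRIV_MAX = 32 };

/* Assumption: privilege N is granted by membership in gid PRIV_GID_BASE + N. */
#define PRIV_GID_BASE 60000u
#define NGROUPS_DEMO  48

struct cred_demo {
    unsigned groups[NGROUPS_DEMO]; /* ordinary gids mixed with privilege gids */
    size_t   ngroups;
    uint32_t privmask;             /* bit N set => privilege N held */
};

/* gid scheme: every check scans the whole group set, O(ngroups). */
int priv_check_gid(const struct cred_demo *cr, int priv)
{
    if (priv < 0 || priv >= PRIV_MAX)
        return 0;
    for (size_t i = 0; i < cr->ngroups; i++)
        if (cr->groups[i] == PRIV_GID_BASE + (unsigned)priv)
            return 1;
    return 0;
}

/* Run once when the credential is built: fold privilege gids into the mask. */
void cred_build_privmask(struct cred_demo *cr)
{
    cr->privmask = 0;
    for (size_t i = 0; i < cr->ngroups; i++) {
        unsigned g = cr->groups[i];
        if (g >= PRIV_GID_BASE && g < PRIV_GID_BASE + PRIV_MAX)
            cr->privmask |= UINT32_C(1) << (g - PRIV_GID_BASE);
    }
}

/* Mask scheme: one shift and AND per check, independent of group-set size. */
int priv_check_mask(const struct cred_demo *cr, int priv)
{
    if (priv < 0 || priv >= PRIV_MAX)
        return 0;
    return (int)((cr->privmask >> priv) & 1u);
}

/* Constructed sample: three ordinary gids plus PRIV_CHUID and PRIV_MOUNT. */
struct cred_demo cred_demo_sample(void)
{
    struct cred_demo cr = { {0, 5, 20, PRIV_GID_BASE + PRIV_CHUID,
                             PRIV_GID_BASE + PRIV_MOUNT}, 5, 0 };
    cred_build_privmask(&cr);
    return cr;
}
```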