From owner-freebsd-security Tue Jul 8 14:03:17 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id OAA08525 for security-outgoing; Tue, 8 Jul 1997 14:03:17 -0700 (PDT) Received: from shandakor.tharsis.com (root@robbins.jvnc.net [204.143.70.105]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA08520 for ; Tue, 8 Jul 1997 14:03:08 -0700 (PDT) Received: (from grr@localhost) by shandakor.tharsis.com (8.7.6/8.7.3) id RAA02949; Tue, 8 Jul 1997 17:00:18 -0400 (EDT) Date: Tue, 8 Jul 1997 17:00:18 -0400 (EDT) From: George Robbins Message-Id: <199707082100.RAA02949@shandakor.tharsis.com> To: adam@homeport.org, robert@cyrus.watson.org Subject: Re: Security Model/Target for FreeBSD or 4.4? Cc: freebsd-security@freebsd.org, tech@openbsd.org Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > From: Robert Watson > To: Adam Shostack > cc: freebsd-security@freebsd.org, tech@openbsd.org > Subject: Re: Security Model/Target for FreeBSD or 4.4? > > With regards to gid vs. uid -- is either one of this preferable for any > particular reason? gid may be more flexible, I guess, as it would allow > multiple users to bind the same ports, but without having rights to each > others processes, and as such allow a simpler minimum configuration. I don't want to sound like a grinch, but this seems like a poor direction to be headed in. The kernel is blessedly free of "special values" for UID's and GID's. Like one really special UID=0 (*) and done with it. File system protections are the general access control method and if you want to layout something with a lot of cases, this should given first consideration. (*) there are other special values, but typically the kernel does not explicitly test for them, they fail to be 0 or fail to match an opaque ID. Not even sure there are any special GID's, the group 0 allowed to su can be handled at the applications level. Groge