From owner-freebsd-security  Sun Mar 14 17:50: 0 1999
Delivered-To: freebsd-security@freebsd.org
Received: from po7.andrew.cmu.edu (PO7.ANDREW.CMU.EDU [128.2.10.107])
	by hub.freebsd.org (Postfix) with ESMTP id 9ACD014FFE
	for <freebsd-security@FreeBSD.ORG>; Sun, 14 Mar 1999 17:49:58 -0800 (PST)
	(envelope-from tcrimi+@andrew.cmu.edu)
Received: (from postman@localhost) by po7.andrew.cmu.edu (8.8.5/8.8.2) id UAA02393; Sun, 14 Mar 1999 20:49:38 -0500 (EST)
Received: via switchmail; Sun, 14 Mar 1999 20:49:38 -0500 (EST)
Received: from unix16.andrew.cmu.edu via qmail
          ID </afs/andrew.cmu.edu/service/mailqs/q005/QF.sqv6QRS00UwI01qFU0>;
          Sun, 14 Mar 1999 20:49:17 -0500 (EST)
Received: from unix16.andrew.cmu.edu via qmail
          ID </afs/andrew.cmu.edu/usr18/tcrimi/.Outgoing/QF.wqv6QPK00UwI1g7T00>;
          Sun, 14 Mar 1999 20:49:15 -0500 (EST)
Received: from mms.4.60.Jun.27.1996.03.02.53.sun4.51.EzMail.2.0.CUILIB.3.45.SNAP.NOT.LINKED.unix16.andrew.cmu.edu.sun4m.54
          via MS.5.6.unix16.andrew.cmu.edu.sun4_51;
          Sun, 14 Mar 1999 20:49:15 -0500 (EST)
Message-ID: <Iqv6QPG00UwI1g7Ss0@andrew.cmu.edu>
Date: Sun, 14 Mar 1999 20:49:15 -0500 (EST)
From: Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu>
To: Robert Watson <robert+freebsd@cyrus.watson.org>,
	Jon Hamilton <hamilton@pobox.com>
Subject: Re: ACL's
Cc: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>,
	freebsd-security@FreeBSD.ORG
In-Reply-To: <19990314211556.E37313E@woodstock>
References: <19990314211556.E37313E@woodstock>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Excerpts from FreeBSD-Security: 14-Mar-99 Re: ACL's  by Jon Hamilton@pobox.com 
>No, they provide all the functionality that hardlinks do that *you* care
>about.  Not every installation is used the same way, and you're simply
>not going to be able to just do away with hard links by fiat; too many
>people and things rely upon them. 

  The best would probably be to make it a mount option, same would go
for ACL's themselves for that matter.   Hardlinks make a lot of sense in
particular partitions, but I'm hard pressed to be convinced they make
sense everywhere (particuarlly as they can only SPAN a particular
partition).  



  With ACL's it would be very dependent on the implementation as to wether 
they should be turned on on a per-partition basis, the fact that there
are dedicated permissions which could do well without ACL's means that
if there is anything but negligable performance degredation using ACL's,
they should be able to be turned off into a NOP for that particular
partition which doens't need them.
 
   Making anything like this a kernel switch seems to almost through the
machine into a 'single use' mode, which is all well for large machine
shops, or those with particular interests, but it is also nice to have
one machine theoretically be able to 'do it all' as far as be secure, as
well as, say, be a news server.

  


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message