Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 14 Mar 1999 06:50:11 -0700
From:      Wes Peters <wes@softweyr.com>
To:        Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: disapointing security architecture
Message-ID:  <36EBBE93.DEC82C92@softweyr.com>
References:  <99Mar14.193150est.40323@border.alcanet.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help 
Peter Jeremy wrote:
> 
> Wes Peters <wes@softweyr.com> wrote:
> >My suggestion for FreeBSD would be to steal half of the disk direct
> >blocks in the disk inode for ACL information.
> 
> The downside of this is that _all_ files between 7 and 12 blocks long
> (typically 48-96KB) will then need an indirect block - adding an extra
> block to its size (additional indirect blocks are needed for other
> sizes as well, but this first one is the biggest relative space/time
> hit).  Whilst this may be reasonable for a system where the majority
> of the files have individual ACLs, I suspect this wouldn't be true
> of most systems.

Actually, only the ones that have ACLs will take this hit, since
you don't have to reserve the space if the file type isn't "file with
ACL."  I see a couple of holes in this theory, though: you need ACLs
on device files too, and it becomes very expensive to add an ACL to
a file after the fact, since you have to "push down" all the blocks
in order to clear the ACL entries.

> IMHO, stealing an extra inode (or disk block) only for files that need
> ACLs would be preferable (especially if ACL sharing is implemented).

I agree, but I'm not sure how you would express the ACL sharing idea to
the user.  When the user adds an ACL to a file, are you just going to
exhaustively search all existing ACLs to see if one matches?  What do
you do if two files are sharing an ACL and a user edits one?  Change
both?  Split a new ACL?

> Admittedly, we still need to find space for the additional pointer
> in the inode.

The ufs dinode has two "spare" int32_t's at the end, that should do it.

-- 
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36EBBE93.DEC82C92>