Date:      Sun, 20 Oct 1996 11:16:12 -0600 (MDT)
From:      Wes Peters <softweyr@xmission.com>
To:        Jerry Kelley <jerryk@iquest.net>
Cc:        security@freebsd.org
Subject:   Any FreeBSD security topics of interest?
Message-ID:  <199610201716.LAA04095@obie.softweyr.com>
In-Reply-To: <326902B1.F1A@iquest.net>
References:  <326902B1.F1A@iquest.net>

Jerry Kelley writes:
 > Again, my goal is a new topic or improvement to security for UNIX that
 > could be implemented (and added) to FreeBSD. I'd like to give something
 > back to the FreeBSD community because I believe strongly in the
 > principles of a freely available OS.

I'm sure there are others more deeply embedded in the security woes of
{Free,Net,Open}BSD who can answer in more detail, but one topic
immediately springs to mind: extend the ufs file system to use
per-file access control lists.  If you're not familiar with ACLs, get
your hands on an HP-UX system and try 'man acl'.  Their ACL system is
workable and relatively UNIX-ish.

ACLs have a lot of potential for clearing up some sticky
administration problems in UNIX.  Many of the setuid programs we worry
about could be more carefully restricted with carefully applied ACLs,
and many of the tasks that you have to 'su' to do today could be
ACL'ed and setuid so that specific groups or individuals could perform
them without needing to su.

-- 
          "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                       Softweyr LLC
http://www.xmission.com/~softweyr                       softweyr@xmission.com
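
A small model of how a per-file ACL could gate execution of a setuid program, as the message proposes. This is an added example, not code from the original message or from FreeBSD; it assumes a POSIX.1e-draft style evaluation order (owner, named user, groups, other, with a mask) rather than the HP-UX scheme the message mentions, and the tool, users and groups are constructed.

```python
from dataclasses import dataclass, field

R, W, X = 4, 2, 1  # permission bits, as in chmod

@dataclass
class Acl:
    owner: str
    group: str
    user_obj: int            # owner's permissions
    group_obj: int           # owning group's permissions
    other: int
    mask: int = R | W | X    # upper bound for named entries and group_obj
    users: dict = field(default_factory=dict)   # named user entries
    groups: dict = field(default_factory=dict)  # named group entries

def allowed(acl, user, user_groups, want):
    """First matching class decides; there is no fall-through to 'other'."""
    if user == acl.owner:
        return (acl.user_obj & want) == want
    if user in acl.users:
        return (acl.users[user] & acl.mask & want) == want
    matches = [acl.group_obj] if acl.group in user_groups else []
    matches += [p for g, p in acl.groups.items() if g in user_groups]
    if matches:
        return any((p & acl.mask & want) == want for p in matches)
    return (acl.other & want) == want

def who_can_run(acl, accounts):
    """Accounts that may execute the file guarded by this ACL."""
    return sorted(u for u, gs in accounts.items() if allowed(acl, u, gs, X))

# Constructed sample: a setuid-root tool nobody outside the ACL may execute.
TOOL_ACL = Acl(owner="root", group="wheel", user_obj=R | W | X, group_obj=R | X,
               other=0, mask=R | X,
               users={"alice": X, "mallory": 0},   # mallory: explicit deny
               groups={"operator": R | X})

ACCOUNTS = {  # constructed accounts and their groups
    "alice": ["staff"], "bob": ["operator"], "carol": ["staff"],
    "mallory": ["operator"], "dave": ["wheel"],
}

if __name__ == "__main__":
    print(who_can_run(TOOL_ACL, ACCOUNTS))
```

The named-user entry for mallory is matched before her group membership, so she is denied even though the operator group is granted execute; the superuser bypass is not modelled.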






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610201716.LAA04095>