Date: Sun, 20 Oct 1996 11:16:12 -0600 (MDT)
From: Wes Peters <softweyr@xmission.com>
To: Jerry Kelley <jerryk@iquest.net>
Cc: security@freebsd.org
Subject: Any FreeBSD security topics of interest?
Message-ID: <199610201716.LAA04095@obie.softweyr.com>
In-Reply-To: <326902B1.F1A@iquest.net>
References: <326902B1.F1A@iquest.net>

Jerry Kelley writes:
> Again, my goal is a new topic or improvement to security for UNIX that
> could be implemented (and added) to FreeBSD. I'd like to give something
> back to the FreeBSD community because I believe strongly in the
> principles of a freely available OS.

I'm sure there are others more deeply embedded in the security woes of
{Free,Net,Open}BSD who can answer in more detail, but one topic
immediately springs to mind: extend the ufs file system to use per-file
access control lists. If you're not familiar with ACLs, get your hands
on an HP-UX system and try 'man acl'. Their ACL system is workable and
relatively UNIX-ish.

ACLs have a lot of potential for clearing up some sticky administration
problems in UNIX. Many of the setuid programs we worry about could be
more carefully restricted with carefully applied ACLs, and many of the
tasks that you have to 'su' to do today could be ACL'ed and setuid so
that specific groups or individuals could perform them without needing
to su.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters    Softweyr LLC
http://www.xmission.com/~softweyr    softweyr@xmission.com