Date: Thu, 2 Jul 1998 01:26:21 -0400 From: "Allen Smith" <easmith@beatrice.rutgers.edu> To: Darren Reed <avalon@coombs.anu.edu.au> Cc: dg@root.com, security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com Subject: Re: bsd securelevel patch question Message-ID: <9807020126.ZM19413@beatrice.rutgers.edu> In-Reply-To: Darren Reed <avalon@coombs.anu.edu.au> "Re: bsd securelevel patch question" (Jul 1, 11:34pm) References: <01IYVQYVEO5E00BUWA@AESOP.RUTGERS.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 1, 11:34pm, Darren Reed (possibly) wrote: > well, I dug it up, and it's not really pretty, but it does prove it is > possible. the way I set it up to work was to read in the directory > structure prior to mount_portal taking it over and then use the file > perms in that for access control. > > this was just an experiment. > > a better way to do it is to have a separate configuration file for the > perms. so that you can edit those whilst mount_portal is still running. > I thought I'd had a go at that, but I don't see the code anywhere just > now so I'll assume it's not going to be easily found. > > http://coombs.anu.edu.au/~avalon/mount_portal.tgz I don't have any way of getting to that currently; could you put that on an ftp-accessible spot? There's no link to that from the http://coombs.anu.edu.au/~avalon/ page. Does this require that programs access these ports via the portal filesystem itself, or is it simply determining permissions this way? If the former, then that's going to cause the same sort of problems with porting - including porting security-critical applications - that I was mentioning earlier. If the latter, that makes it more interesting... although probably still requiring some alterations to the group permissions system to make it work right with setuid programs, as I was pointing out previously. -Allen -- Allen Smith easmith@beatrice.rutgers.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9807020126.ZM19413>