Date:      Sun, 28 Nov 1999 07:43:50 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Assar Westerlund <assar@sics.se>
Cc:        "Ilmar S. Habibulin" <ilmar@ints.ru>, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, freebsd-security@freebsd.org
Subject:   Re: ACLs 0.1 for FreeBSD 3.3-RELEASE
Message-ID:  <Pine.BSF.3.96.991128073147.6450A-100000@fledge.watson.org>
In-Reply-To: <5laenzf8te.fsf@assail.s3.kth.se>

(Assar -- hope you don't mind--I added back in the CC list)

On 28 Nov 1999, Assar Westerlund wrote:

> Robert Watson <robert@cyrus.watson.org> writes:
> > Due to interest on freebsd-security and a number of personal emails to me,
> > I've decided I'd go ahead and put online my current work on ACLs for
> > FreeBSD. It is available for download at
> > 
> >   http://www.watson.org/fbsd-hardening/posix1e/acl/
> 
> So I ported it to -current (and fixed some nits at the same time).
> But now that machine doesn't seem to come back up and I don't have
> physical access to it. :-(  But I should be able to send you the
> code hopefully later today or tomorrow.  Next step is adding support
> for vop_{get,set}acl to arla :-)

Sounds great :-).  We should actually talk about the details of this
however -- I defined the generic read/write/execute bits which are
discussed in POSIX.1e, but they actually don't preclude the possibility of
other rights being associated with files or directories.  So we could
introduce some of the AFS/Coda directory permissions and only allow them
to be used with file systems that supported them.  Similarly, there are a
few semantic details to work out with directory vs. file ACLs -- POSIX.1e
defines two ACLs for directories (access ACL, default ACL for new
children) and one ACL per file (access ACL).  Presumably all we care about
is the directory access ACL in the context of Coda and Arla, and the rest
can be emulated for vop_getacl, and probably EOPNOTSUPP'd for setacl.  I
guess the real issue is to figure out how to expose the AFS/Coda rights vs.
POSIX.1e rights.

> I assume you intended on acl_syscall_delete_def_file and
> acl_syscall_delete_def_fd also being syscalls?  I did add them to
> syscalls.master.

Yes -- this was a change I was making over the DARPA ActiveNets workshop
and lost track of, as I didn't have a crash machine with me.  I guess the
best thing to do would be to get your version committed to -CURRENT, and
then I can resync on -CURRENT as my development tree and continue work
from there?

I feel two directions of pull here--the first is to produce as
near-POSIX.1e an implementation as possible to maximize the chances of
portability and consistency across platforms; the other is to maximize
what I think of as the most desirable functionality, which approximates
what Coda and AFS use (directory-only permissions, and a bit more specific
than read/write/execute).  For the implementation, I went with
almost-exactly-POSIX, and feel we should probably do that for local file
systems, but that the issue of introducing Coda/AFS permission sets into
the interface, as they are permitted by the draft, is an interesting one
and should be looked at in detail.

If you don't have a copy of the spec, we should get a copy to you.  I
believe Winni put a copy online and posted to bugtraq a while back, and
that it is off of his POSIX.1e page?  We have permission from IEEE to
redistribute it as long as new downloaders agree not to redistribute it
themselves, the normal "don't blame IEEE if it breaks your life", etc,
etc.

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
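The POSIX.1e ACL rules the thread refers to (an access ACL per object, plus a default ACL on directories that seeds new children), written up as an added C illustration that is not code from the fbsd-hardening ACL package or from the draft's text. Every name here (`struct file`, `acl_check`, `acl_inherit`, `sample_dir`) and the sample uid/gid values are constructed for the example; the AFS/Coda right sets the mail discusses are not modelled.

```c
/* Added model of POSIX.1e ACLs (draft semantics only); perms use R=4, W=2, X=1. */
enum tag { USER_OBJ, USER, GROUP_OBJ, GROUP, MASK, OTHER };
struct entry { enum tag tag; unsigned id, perm; }; struct acl { struct entry e[8]; int n; };
/* A directory carries an access ACL and a default ACL; a plain file has dflt.n == 0. */
struct file { unsigned uid, gid; int isdir; struct acl access, dflt; };
/* Perm of the first entry tagged t, or dflt when the ACL has no such entry. */
static unsigned lookup(const struct acl *a, enum tag t, unsigned dflt) {
    for (int i = 0; i < a->n; i++) if (a->e[i].tag == t) return a->e[i].perm;
    return dflt;
}
/* Returns 1 if a caller with this uid and group list may do `want` on f. */
int acl_check(const struct file *f, unsigned uid, const unsigned *gids, int ngids, unsigned want) {
    const struct acl *a = &f->access;
    unsigned mask = lookup(a, MASK, 7);               /* minimal ACL: nothing is masked */
    int i, j, in_group = 0, group_ok = 0;
    if (uid == f->uid)                                /* 1. owner, never masked */
        return (lookup(a, USER_OBJ, 0) & want) == want;
    for (i = 0; i < a->n; i++)                        /* 2. named user, masked */
        if (a->e[i].tag == USER && a->e[i].id == uid)
            return ((a->e[i].perm & mask) & want) == want;
    for (i = 0; i < a->n; i++) {                      /* 3. owning group and named groups */
        const struct entry *e = &a->e[i];
        if (e->tag != GROUP_OBJ && e->tag != GROUP) continue;
        unsigned g = e->tag == GROUP_OBJ ? f->gid : e->id;
        for (j = 0; j < ngids; j++) if (gids[j] == g)
            in_group = 1, group_ok |= ((e->perm & mask) & want) == want;
    }
    if (in_group) return group_ok;                    /* any one matching group entry suffices */
    return (lookup(a, OTHER, 0) & want) == want;      /* 4. everyone else */
}
/* Child of directory d: its access ACL is d's default ACL with the owner, group-or-mask and
 * other entries ANDed with the creation-mode bits; a child directory also inherits the default. */
void acl_inherit(const struct file *d, struct file *child, unsigned mode) {
    int has_mask = lookup(&d->dflt, MASK, 8) != 8, i;  /* 8 is not a valid perm set */
    child->access = d->dflt;
    for (i = 0; i < child->access.n; i++) {
        struct entry *e = &child->access.e[i];
        if (e->tag == USER_OBJ) e->perm &= (mode >> 6) & 7;
        else if (e->tag == OTHER) e->perm &= mode & 7;
        else if (e->tag == (has_mask ? MASK : GROUP_OBJ)) e->perm &= (mode >> 3) & 7;
    }
    child->dflt = child->isdir ? d->dflt : (struct acl){0};
}
/* Constructed sample: directory owned by uid 1000/gid 100; user 1001 may list it,
 * the group may list it, nobody else may; new children grant the group rwx. */
struct file sample_dir(void) {
    return (struct file){ 1000, 100, 1,
        { {{USER_OBJ,0,7}, {USER,1001,5}, {GROUP_OBJ,0,5}, {MASK,0,5}, {OTHER,0,0}}, 5 },
        { {{USER_OBJ,0,7}, {GROUP_OBJ,0,7}, {MASK,0,7}, {OTHER,0,5}}, 4 } };
}
```

Creating a file under the sample directory with mode 0640 leaves the inherited group entry at rwx but cuts the mask to r--, which is the masking behaviour that makes the default ACL and the creation mode interact.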