Date: Fri, 12 Mar 1999 22:34:46 -0600 (CST) From: David Scheidt <dscheidt@enteract.com> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: Robert Watson <robert@cyrus.watson.org>, freebsd-security@FreeBSD.ORG Subject: Re: disapointing security architecture Message-ID: <Pine.BSF.4.05.9903122220480.23045-100000@nathan.enteract.com> In-Reply-To: <199903130358.TAA82290@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 12 Mar 1999, Matthew Dillon wrote: : You know, it wouldn't cost too much to implement ACLs with an extra : inode if we implemented an ACL cache, allowing multiple references to : the same ACL inode. When someone changes the ACL associated with a file, : it would hop to a different ACL inode. There'd have to be a mechanism : to prevent excessive fragmentation but I think it would work in general : terms and not even eat that many inodes. Something like this certainly makes sense. You need to keep track of how many files are using that ACL inode, but that is much the same problem as hard links. What I wonder about is what the hit rate is going to be? I am fairly sure that most of my ACLs will be identical, so I suppose the odds of having one in core is pretty high. You would also win on what ever the ACL equivelant of chmod * is. David Scheidt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9903122220480.23045-100000>