From: Don Lewis
Message-Id: <199812140506.VAA25327@salsa.gv.tsc.tdk.com>
Date: Sun, 13 Dec 1998 21:06:35 -0800
In-Reply-To: Eivind Eklund "Re: adding policy tuning knobs to my F_SETOWN/SIGIO/SIGURG enhancements" (Dec 13, 5:50pm)
To: Eivind Eklund, Don Lewis, hackers@FreeBSD.ORG
Subject: Re: adding policy tuning knobs to my F_SETOWN/SIGIO/SIGURG enhancements

On Dec 13, 5:50pm, Eivind Eklund wrote:
} Subject: Re: adding policy tuning knobs to my F_SETOWN/SIGIO/SIGURG enhanc
} On Sun, Dec 13, 1998 at 12:28:56AM -0800, Don Lewis wrote:
} >
} > My previous security enhancements to the F_SETOWN/SIGIO/SIGURG in the 3.0
} > kernel code made some policy decisions that were hard-wired into the code
} > but were commented in case someone needed to change them.  I've decided
} > that it would be good to allow the security policy to be tuned using some
} > sysctl knobs.
}
} Why?  What benefits does the ability to relax permissions on this
} give?  I can see the use for tuning 'em up, but not really down...

Originally things were wide open, and all the other BSDs (and other
*nix flavors so far as I know) probably still are (except for possibly
the credential check).  There may be a few folks out there with crazy
applications that require the old behaviour and I'd hate to disenfranchise
them or require them to make hand modifications to kernel code.

There may be situations where it is appropriate to disable the credential
check now that the F_SETOWN argument can be restricted and the pid
wraparound bug is gone.

The patch I posted also tightens the default by a notch and I was
comfortable doing it because I also provided a knob to loosen it again.

I'm treating this as a warmup for another security enhancement I want to
make which may have some security versus standards-conformance conflicts.