Date: Thu, 2 Jul 1998 22:04:26 +1000 (EST) From: Darren Reed <avalon@coombs.anu.edu.au> To: easmith@beatrice.rutgers.edu (Allen Smith) Cc: avalon@coombs.anu.edu.au, dg@root.com, security@FreeBSD.ORG, njs3@doc.ic.ac.uk, dima@best.net, abc@ralph.ml.org, tqbf@secnet.com Subject: Re: bsd securelevel patch question Message-ID: <199807021204.FAA08205@hub.freebsd.org> In-Reply-To: <9807020126.ZM19413@beatrice.rutgers.edu> from "Allen Smith" at Jul 2, 98 01:26:21 am
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Allen Smith, sie said: > > I don't have any way of getting to that currently; could you put that > on an ftp-accessible spot? There's no link to that from the > http://coombs.anu.edu.au/~avalon/ page. ftp://coombs.anu.edu.au/pub/net/misc/mount_portal.tgz > Does this require that programs access these ports via the portal > filesystem itself, or is it simply determining permissions this way? It requires them to use portals. > If the former, then that's going to cause the same sort of problems > with porting - including porting security-critical applications - that > I was mentioning earlier. If the latter, that makes it more > interesting... although probably still requiring some alterations to > the group permissions system to make it work right with setuid > programs, as I was pointing out previously. Well, if C code compiled calls a socket(2) stub in libc, then that or the bind or connect could be written to transparently use portals. Otherwise you need to convert your socket/bind's into an open. If one was using a more advanced API for sockets than the system calls which did it all in one call, you'd just rewrite that part of the library. In that implementation of addings access control to portals, there's too much fiddly work involved in making it work. A separate file or other statements in portal.conf could just as easily (and perhaps better) control access. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807021204.FAA08205>