Date: Mon, 15 Mar 1999 19:28:22 +1000
From: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
To: wes@softweyr.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
Message-ID: <99Mar15.191610est.40331@border.alcanet.com.au>

Wes Peters <wes@softweyr.com> wrote:
>Subject: Re: disapointing security architecture
>Sender: wes@softweyr.com
>To: Peter Jeremy <peter.jeremy@alcatel.com.au>
>Cc:
>Message-id: <36EBBE93.DEC82C92@softweyr.com>
>Organization: Softweyr llc
>MIME-version: 1.0
>X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
>Content-transfer-encoding: 7bit
>X-Accept-Language: en
>References: <99Mar14.193150est.40323@border.alcanet.com.au>
>Content-Type: text/plain; charset=us-ascii
>Content-Length: 1826
>Status: RO
>
>Peter Jeremy wrote:
>>
>> Wes Peters <wes@softweyr.com> wrote:
>> >My suggestion for FreeBSD would be to steal half of the disk direct
>> >blocks in the disk inode for ACL information.

>you don't have to reserve the space if the file type isn't "file with
>ACL."

This makes the offset->disk block code messier since NDADDR becomes dependent on di_flags.

> you need ACLs on device files too,

I thought the block addresses in device files were unused.

> and it becomes very expensive to add an ACL to
>a file after the fact,

Agreed.

>> IMHO, stealing an extra inode (or disk block) only for files that need
>> ACLs would be preferable (especially if ACL sharing is implemented).
>
>I agree, but I'm not sure how you would express the ACL sharing idea to
>the user.

I suspect that in most cases, an ACL will be inherited from a `default ACL' associated with a directory - in which case you just re-use the directory's ACL. I wouldn't expect an exhaustive search - maybe a small cache to catch adding ACLs to a whole bunch of files in one go.

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
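
The sharing scheme sketched in this message (an inheriting file references the directory's ACL object, and a small cache catches the same ACL being added to many files in a row), as an added example that is not part of the original e-mail and is not FreeBSD code. The in-memory table, the struct layouts and every function name are hypothetical.

```c
/* Added illustration: hypothetical names throughout, not FreeBSD code. */
#include <stdint.h>
enum { MAX_ACLS = 32, MAX_ENTRIES = 8, CACHE_SLOTS = 4 };
struct acl_entry { uint32_t id; uint16_t perms; };
struct acl_obj { uint32_t refcnt; uint16_t n; struct acl_entry e[MAX_ENTRIES]; };
struct toy_inode { int acl_ref; };  /* index into acl_table, -1 = no ACL */
static struct acl_obj acl_table[MAX_ACLS];  /* out-of-line ACL objects */
static int recent[CACHE_SLOTS] = { -1, -1, -1, -1 };
static unsigned next_slot;

static int acl_same(const struct acl_obj *a, const struct acl_entry *e, uint16_t n) {
    if (a->n != n) return 0;
    for (uint16_t i = 0; i < n; i++)  /* field-wise: padding bytes are unspecified */
        if (a->e[i].id != e[i].id || a->e[i].perms != e[i].perms) return 0;
    return 1;
}

/* Drop a reference; evict freed slots from the cache so reuse cannot alias. */
void acl_detach(struct toy_inode *ip) {
    int r = ip->acl_ref;
    ip->acl_ref = -1;
    if (r < 0 || --acl_table[r].refcnt > 0) return;
    for (int i = 0; i < CACHE_SLOTS; i++) if (recent[i] == r) recent[i] = -1;
}

static int acl_set(struct toy_inode *ip, int r) {
    acl_table[r].refcnt++;  /* take the new reference before dropping the old */
    acl_detach(ip);
    return ip->acl_ref = r;
}

/* Attach an explicit ACL: search only the small cache, never the whole table. */
int acl_attach(struct toy_inode *ip, const struct acl_entry *e, uint16_t n) {
    if (n > MAX_ENTRIES) return -1;
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (recent[i] >= 0 && acl_same(&acl_table[recent[i]], e, n))
            return acl_set(ip, recent[i]);
    for (int r = 0; r < MAX_ACLS; r++) {
        if (acl_table[r].refcnt) continue;      /* slot in use */
        acl_table[r].n = n;
        for (uint16_t i = 0; i < n; i++) acl_table[r].e[i] = e[i];
        recent[next_slot++ % CACHE_SLOTS] = r;
        return acl_set(ip, r);
    }
    return -1;  /* table full */
}
/* New file: re-use the directory's ACL object rather than copying it. */
int acl_inherit(struct toy_inode *child, const struct toy_inode *dir) {
    return dir->acl_ref < 0 ? -1 : acl_set(child, dir->acl_ref);
}
```

The eviction in `acl_detach` is the part that matters for access control: without it, a cache hit could bind a file to a slot that has been freed and refilled with a different ACL.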