Date:      18 Oct 1999 11:09:09 +0200
From:      Dag-Erling Smorgrav <des@flood.ping.uio.no>
To:        Justin Wells <jread@semiotek.com>
Cc:        freebsd-arch@freebsd.org
Subject:   Re: kern.securelevel and X
Message-ID:  <xzpogdx2fyi.fsf@flood.ping.uio.no>
In-Reply-To: Dag-Erling Smorgrav's message of "18 Oct 1999 10:56:51 +0200"
References:  <XFMail.991015111802.shelton@sentry.granch.ru> <Pine.LNX.4.05.9910150036170.5339-100000@jason.argos.org> <14343.23571.679909.243732@blm30.IRO.UMontreal.CA> <19991017012750.A812@fever.semiotek.com> <380A1E2C.CCA326F5@gorean.org> <19991018024704.A512@semiotek.com> <xzpyad12jd7.fsf@flood.ping.uio.no> <19991018043039.B1711@semiotek.com> <xzpso392gj0.fsf@flood.ping.uio.no>


Dag-Erling Smorgrav <des@flood.ping.uio.no> writes:
> I'm starting to think that secure levels should be implemented as
> bitmasks, with one bit for each operation or group of operation to be
> allowed or denied (0 = allow, 1 = deny). The if statement above could
> be rewritten as:
> 
> 	if (securemask & SEC_MOUNT)
> 		return (EPERM);
> 
> Using a simple bitmask might be too simple though (it would restrict
> us to 32 or 64 distinct operations), so we might want to hide the
> actual implementation behind a function call or macro:
> 
> 	if (!sec_permitted(SEC_MOUNT))
> 		return (EPERM);

I'm thinking this might be -arch material. Do we want to do this? I
think it can be done rather painlessly, and backwards compatibility
with kern.securelevel should be easy to provide.

The same mechanism can be used to implement process- or user-level
capabilities, maybe leading us to merge (the hypothetical)
sec_permitted() with suser(). After all, they're just two different
ways of asking "is this ol' joe even *allowed* to do this?"

DES (patches... must... write... patches...)
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no
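The sketch above (a per-operation deny mask behind a sec_permitted() function, with kern.securelevel kept as a compatibility knob) worked through as an added, self-contained example. This is not DES's patch and not FreeBSD code: the SEC_* operation names, the level-to-operation mapping in secmask_from_level(), the do_mount() caller and the sec_deny() interface are all illustrative assumptions. The mask is an array of words rather than a single integer, which is the point of hiding it behind a function: callers never see how many operations it can hold.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* One bit per restricted operation. Names are illustrative, not FreeBSD's. */
enum sec_op {
	SEC_MOUNT,		/* mount/unmount filesystems */
	SEC_KLD_LOAD,		/* load or unload kernel modules */
	SEC_CHFLAGS_SYSTEM,	/* clear system immutable/append-only flags */
	SEC_KMEM_WRITE,		/* open /dev/mem or /dev/kmem for writing */
	SEC_RAWDISK_WRITE,	/* raw writes to disks holding mounted filesystems */
	SEC_SETTIME_BACK,	/* set the clock backwards */
	SEC_OP_COUNT		/* may grow past 32 or 64; the mask scales with it */
};

#define SEC_WORD_BITS	(sizeof(unsigned long) * CHAR_BIT)
#define SEC_WORDS	((SEC_OP_COUNT + SEC_WORD_BITS - 1) / SEC_WORD_BITS)

struct secmask {
	unsigned long w[SEC_WORDS];	/* 0 = allow, 1 = deny */
};

static struct secmask securemask;	/* the new global deny mask */
static int securelevel;			/* legacy kern.securelevel value */

static void
secmask_set(struct secmask *m, enum sec_op op)
{
	m->w[op / SEC_WORD_BITS] |= 1UL << (op % SEC_WORD_BITS);
}

static bool
secmask_test(const struct secmask *m, enum sec_op op)
{
	return ((m->w[op / SEC_WORD_BITS] >> (op % SEC_WORD_BITS)) & 1UL) != 0;
}

/* The check callers use; the representation stays private to this file. */
bool
sec_permitted(enum sec_op op)
{
	return !secmask_test(&securemask, op);
}

/*
 * Compatibility: derive deny bits from a legacy securelevel.  Which
 * operations each level denies is an illustrative approximation of the
 * classic securelevel semantics, not the exact FreeBSD rule set.
 */
static struct secmask
secmask_from_level(int level)
{
	struct secmask m;

	memset(&m, 0, sizeof(m));
	if (level >= 1) {
		secmask_set(&m, SEC_KLD_LOAD);
		secmask_set(&m, SEC_CHFLAGS_SYSTEM);
		secmask_set(&m, SEC_KMEM_WRITE);
	}
	if (level >= 2) {
		secmask_set(&m, SEC_RAWDISK_WRITE);
		secmask_set(&m, SEC_SETTIME_BACK);
	}
	return (m);
}

/*
 * Legacy setter.  As with kern.securelevel, a running system may only
 * raise the level.  New bits are OR-ed in, so bits set through the
 * fine-grained interface below are never cleared by a level change.
 */
int
sec_set_level(int newlevel)
{
	struct secmask m;
	size_t i;

	if (newlevel < securelevel)
		return (EPERM);
	m = secmask_from_level(newlevel);
	for (i = 0; i < SEC_WORDS; i++)
		securemask.w[i] |= m.w[i];
	securelevel = newlevel;
	return (0);
}

/* Fine-grained interface: deny a single operation.  One-way, like the level. */
void
sec_deny(enum sec_op op)
{
	secmask_set(&securemask, op);
}

/* A syscall entry written the way the message proposes. */
int
do_mount(void)
{
	if (!sec_permitted(SEC_MOUNT))
		return (EPERM);
	return (0);	/* the real mount would follow here */
}

int
main(void)
{
	printf("level 0: do_mount() = %d\n", do_mount());
	sec_set_level(1);
	printf("level 1: kldload permitted = %d\n", sec_permitted(SEC_KLD_LOAD));
	sec_deny(SEC_MOUNT);
	printf("mount denied: do_mount() = %d (EPERM = %d)\n", do_mount(), EPERM);
	printf("lower to 0: sec_set_level(0) = %d\n", sec_set_level(0));
	return (0);
}
```

The monotonic rule in sec_set_level() and sec_deny() is what keeps the compatibility layer honest: if the fine-grained mask could be cleared by writing a lower securelevel, the bitmask would be a downgrade rather than a refinement of the old knob.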


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpogdx2fyi.fsf>