Date:      Fri, 12 Mar 1999 10:05:10 -0700
From:      Wes Peters <wes@softweyr.com>
To:        Fernando Schapachnik <fpscha@ns1.sminter.com.ar>
Cc:        robert+freebsd@cyrus.watson.org, dillon@apollo.backplane.com, andrewr@slack.net, archie@whistle.com, andrew@squiz.co.nz, freebsd-security@FreeBSD.ORG
Subject:   Re: disapointing security architecture
Message-ID:  <36E94946.5DFC60DF@softweyr.com>
References:  <199903121509.MAA19155@ns1.sminter.com.ar>

Fernando Schapachnik wrote:
> 
> In a previous message, Robert Watson wrote:
> [...]
> > The Solaris folk now appear to have ACL support in the base OS install +
> > FS.  Where did they find the space to store the ACLs?  Adding any more
> 
> I think they store it sacrificing 3rd. level indirection, but I'm not sure.

I'd guess the direct blocks instead, because they won't have (much)
effect on the file size.  Lemme look...

Nope, it doesn't look like the ACL information is referenced in the 
disk inode.  They must store it somewhere else on the volume.  Weird.

My suggestion for FreeBSD would be to steal half of the disk direct
blocks in the disk inode for ACL information.  Each ACL needs to have
a uid_t (potentially a gid_t), a user/group type bit, and 3 bits of
permissions.  The way you apply rules is first, any ACL with an 
exact match for UID is highest priority.  Second, any ACL with an
exact match for GID.  Last, apply the standard UNIX permission 
rules.

You'll need a unique pattern of file type bits that signifies this 
is an ordinary file with an ACL.  I haven't considered interactions
between this and NFS, because you'll never use NFS in a C2 environment.


-- 
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com
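
The lookup order described in the message above (exact UID entry first, then exact GID entry, then the standard UNIX permission bits), as an added C example that is not code from the message or from FreeBSD. The struct layouts, the names `acl_entry`, `file_meta`, `acl_find` and `acl_access`, the sample values, and the choice to check a single group id are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define ACL_R 4u
#define ACL_W 2u
#define ACL_X 1u

/* Assumed layout of one ACL entry: an id, a user/group type bit and
 * 3 permission bits, the fields the message lists. */
struct acl_entry {
    uint32_t id;            /* uid or gid, depending on is_group */
    unsigned is_group : 1;
    unsigned perms    : 3;  /* rwx */
};

struct file_meta {          /* hypothetical stand-in for the inode fields used */
    uint32_t owner, group;
    unsigned mode;          /* classic rwxrwxrwx bits */
    const struct acl_entry *acl;
    size_t nacl;
};

/* Constructed sample: uid 1001 may only read, gid 50 may read and write. */
const struct acl_entry sample_acl[] = { {1001, 0, ACL_R}, {50, 1, ACL_R | ACL_W} };
const struct file_meta sample_file = { 1000, 50, 0640, sample_acl, 2 };

/* First entry of the requested kind whose id matches, or NULL. */
static const struct acl_entry *acl_find(const struct file_meta *f, uint32_t id, unsigned is_group)
{
    for (size_t i = 0; i < f->nacl; i++)
        if (f->acl[i].is_group == is_group && f->acl[i].id == id)
            return &f->acl[i];
    return NULL;
}

/* Returns 1 if every bit in want is granted, else 0. The first rule
 * that matches decides; later rules are not consulted. */
int acl_access(const struct file_meta *f, uint32_t uid, uint32_t gid, unsigned want)
{
    const struct acl_entry *e;
    unsigned granted;
    if ((e = acl_find(f, uid, 0)) != NULL)          /* 1: exact UID entry */
        granted = e->perms;
    else if ((e = acl_find(f, gid, 1)) != NULL)     /* 2: exact GID entry */
        granted = e->perms;
    else {                                          /* 3: standard UNIX rules */
        unsigned shift = uid == f->owner ? 6 : gid == f->group ? 3 : 0;
        granted = (f->mode >> shift) & 7u;
    }
    return (granted & want) == want;
}
```

With the constructed sample, uid 1001 is refused write access even though its group's entry grants it, because the exact-UID entry is consulted first.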

