Date: Sun, 14 Mar 1999 19:43:57 +1000 From: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au> To: freebsd-security@FreeBSD.ORG Subject: Re: disapointing security architecture Message-ID: <99Mar14.193150est.40323@border.alcanet.com.au>
next in thread | raw e-mail | index | archive | help
Wes Peters <wes@softweyr.com> wrote: >My suggestion for FreeBSD would be to steal half of the disk direct >blocks in the disk inode for ACL information. The downside of this is that _all_ files between 7 and 12 blocks long (typically 48-96KB) will then need an indirect block - adding an extra block to its size (additional indirect blocks are needed for other sizes as well, but this first one is the biggest relative space/time hit). Whilst this may be reasonable for a system where the majority of the files have individual ACLs, I suspect this wouldn't be true of most systems. IMHO, stealing an extra inode (or disk block) only for files that need ACLs would be preferable (especially if ACL sharing is implemented). Admittedly, we still need to find space for the additional pointer in the inode. Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?99Mar14.193150est.40323>