Date: Mon, 14 Dec 1998 06:55:48 +0100 (CET) From: List User <listuser@netspace.net.au> To: freebsd-hackers@FreeBSD.org Message-ID: <199812140555.GAA09141@doorway.home.lan>
next in thread | raw e-mail | index | archive | help
Newsgroups: freebsd.hackers
Path: root
From: Don Lewis <Don.Lewis@tsc.tdk.com>
Subject: Re: adding policy tuning knobs to my F_SETOWN/SIGIO/SIGURG enhancements
Received: (from gdonl@localhost)
by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id VAA25327;
Sun, 13 Dec 1998 21:06:36 -0800 (PST)
To: Eivind Eklund <eivind>, Don Lewis <Don.Lewis>, hackers
Sender: owner-freebsd-hackers@FreeBSD.ORG
Organization: Private News Host
Precedence: bulk
Message-ID: <199812140506.VAA25327@salsa.gv.tsc.tdk.com>
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
Delivered-To: vmailer-hackers@freebsd.org
X-Uidl: 4735eebf59c373e54f3114df249397c1
X-Loop: FreeBSD.ORG
In-Reply-To: Eivind Eklund <eivind@yes.no>
"Re: adding policy tuning knobs to my F_SETOWN/SIGIO/SIGURG enhancements" (Dec 13, 5:50pm)
Date: Mon, 14 Dec 1998 05:06:35 GMT
On Dec 13, 5:50pm, Eivind Eklund wrote:
} Subject: Re: adding policy tuning knobs to my F_SETOWN/SIGIO/SIGURG enhanc
} On Sun, Dec 13, 1998 at 12:28:56AM -0800, Don Lewis wrote:
} >
} > My previous security enhancements to the F_SETOWN/SIGIO/SIGURG in the 3.0
} > kernel code made some policy decisions that were hard-wired into the code
} > but were commented in case someone needed to change them. I've decided
} > that would be good to allow the security policy to be tuned using some
} > sysctl knobs.
}
} Why? What benefits does the ability to relax permissions on this
} give? I can see the use for tuning 'em up, but not really down...
Originally things were wide open, and all the other BSD's (and other *nix
flavors so far as I know) probably still are (except for possibly the
credential check). There may be a few folks out there with crazy
applications that require the old behaviour and I'd hate to disenfranchise
them or require them to make hand modifications to kernel code.
There may be situations where it is appropriate to disable the credential
check now that the F_SETOWN argument can be restricted and the pid
wraparound bug is gone.
The patch I posted also tightens the default by a notch and I was
confortable doing it because I also provided a knob to loosen it again.
I'm treating this a warmup for another security enhancement I want to
make which may have some security versus standards-conformance conflicts.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812140555.GAA09141>