From owner-cvs-all  Mon Feb 18 16:17: 5 2002
Delivered-To: cvs-all@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id E9FD437B420; Mon, 18 Feb 2002 16:16:53 -0800 (PST)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.6/8.11.5) with SMTP id g1J0GlD89813;
	Mon, 18 Feb 2002 19:16:47 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Mon, 18 Feb 2002 19:16:46 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/miscfs/procfs procfs_subr.c
In-Reply-To: <xzpy9hq77in.fsf@flood.ping.uio.no>
Message-ID: <Pine.NEB.3.96L.1020218191459.69361L-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


On 18 Feb 2002, Dag-Erling Smorgrav wrote:

> Robert Watson <rwatson@FreeBSD.org> writes:
> > My interpretation of this commit is that it's actually more cosmetic than
> > concrete: i.e., the permission bits will look different, but the access
> > control is the same.  Is that right?
> 
> The upper layers of the VFS system enforce the file mode. 

Hmm.  I'm not sure that's true in most cases.  Under normal circumstances,
upper layers of VFS rely on the per-filesystem code to do enforcement as
part of common operations, or they rely on the per-filesystem VOP_ACCESS() 
code.  There are a few exceptions, but not very many.  This generally
reflects the fact that the broader abstractions of the kernel don't
understand per-fs access control mechanisms, such as those in msdosfs,
NFS, AFS, etc, which differ substantially from local models.  Does this
change have specific non-cosmetic effects that you have in mind?  For
example, should we be doing a security advisory?

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message