Date: Sun, 18 Mar 2001 07:38:31 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: babkin@bellatlantic.net (Sergey Babkin)
Cc: security@FreeBSD.ORG, wes@softweyr.com (Wes Peters), rwatson@FreeBSD.ORG (Robert Watson), fs@FreeBSD.ORG
Subject: Re: about common group & user ID space (PR kern/14584)
Message-ID: <200103180738.AAA03250@usr05.primenet.com>
In-Reply-To: <3AB3FC38.94711FFF@bellatlantic.net> from "Sergey Babkin" at Mar 17, 2001 07:07:20 PM

> I want to commit PR kern/14584. I've been told that it's good
> to discuss it in -arch, -security and -fs. (It has been sort of
> discussed on -hackers already, there were not much replies).
> So I've posted a message on -arch, and now on -security and -fs.
> I've also discussed this idea shortly with Kirk McKusick at
> Usenix-2000 at the BSD BOF and he generally liked it and suggested
> to review further.

You could do this a bit more cleanly by just stealing the sign
bit, and setting it if the uid field contained a group ID.

There would be no conversion problem for an existing system.
The sign bit would not be "stolen", unless the sysctl was in
the "active" state.

This changes the check to a one line change, conditional on
the high bit being set.

In trade, the "set group owner" code gets a bit more complicated,
but that's in the user space "chown" code, where you have to
tell it to set a group, explicitly (so that it will look up the
group, not the user, for a non-numeric ID, and set the high bit
when stuffing it in the chown id field).

Note that this change is really necessary in the user space
code anyway: even if you make the UID and GID numeric values
not intersect, there is still the possibility of a group and
user having the same name, so a set-by-name needs a separate
flag (think "chown bin.bin foo", for example).

The benefits in not having to grovel through the FS contents,
or do more complex ID space transformations, and the moving
of the majority of changes to user space, combined with the fact
that if you turn it off, the ownership doesn't need to be
reverted, are all plusses.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-fs" in the body of the message
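
The high-bit scheme described in the message above, as an added example that is not code from the message, the PR or FreeBSD. It assumes a 32-bit unsigned owner field; `ID_IS_GROUP`, `group_owner_active`, `encode_owner`, `is_owner` and the sample credential are hypothetical names and constructed values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ID_IS_GROUP 0x80000000u        /* assumed: top bit of a 32-bit owner field */
static int group_owner_active = 0;     /* hypothetical stand-in for the sysctl */

struct cred { uint32_t uid; uint32_t groups[4]; unsigned ngroups; };

/* chown side: the caller states explicitly that the new owner is a group.
 * Refuses ids that already use the reserved bit once the switch is on. */
static bool encode_owner(uint32_t id, bool is_group, uint32_t *out)
{
    if (is_group && !group_owner_active)
        return false;
    if (group_owner_active && (id & ID_IS_GROUP))
        return false;
    *out = is_group ? (id | ID_IS_GROUP) : id;
    return true;
}

static bool in_group(const struct cred *c, uint32_t gid)
{
    for (unsigned i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Owner check: one extra branch, taken only when the switch is on and the
 * bit is set. With the switch off the field is compared as a plain uid. */
static bool is_owner(const struct cred *c, uint32_t owner_field)
{
    if (group_owner_active && (owner_field & ID_IS_GROUP))
        return in_group(c, owner_field & ~ID_IS_GROUP);
    return c->uid == owner_field;
}

int main(void)
{
    struct cred alice = { 1001, { 20, 7 }, 2 };   /* constructed sample */
    uint32_t field;
    group_owner_active = 1;
    if (!encode_owner(7, true, &field))
        return 1;
    printf("field=0x%08x owner=%d\n", (unsigned)field, is_owner(&alice, field));
    return 0;
}
```

Under these assumptions, turning the switch on halves the usable numeric ID range: any existing owner value at or above 0x80000000 would be read as a group, which is why `encode_owner` rejects such ids while the switch is active.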