From: Terry Lambert
Message-Id: <200103180738.AAA03250@usr05.primenet.com>
Subject: Re: about common group & user ID space (PR kern/14584)
To: babkin@bellatlantic.net (Sergey Babkin)
Date: Sun, 18 Mar 2001 07:38:31 +0000 (GMT)
Cc: security@FreeBSD.ORG, wes@softweyr.com (Wes Peters), rwatson@FreeBSD.ORG (Robert Watson), fs@FreeBSD.ORG
In-Reply-To: <3AB3FC38.94711FFF@bellatlantic.net> from "Sergey Babkin" at Mar 17, 2001 07:07:20 PM

> I want to commit PR kern/14584. I've been told that it's good
> to discuss it in -arch, -security and -fs. (It has been sort of
> discussed on -hackers already, there were not many replies).
> So I've posted a message on -arch, and now on -security and -fs.
> I've also discussed this idea shortly with Kirk McKusick at
> Usenix-2000 at the BSD BOF and he generally liked it and suggested
> to review further.

You could do this a bit more cleanly by just stealing the sign
bit, and setting it if the uid field contained a group ID.

There would be no conversion problem for an existing system.
The sign bit would not be "stolen", unless the sysctl was in
the "active" state.

This changes the check to a one line change, conditional on
the high bit being set. In trade, the "set group owner" code
gets a bit more complicated, but that's in the user space
"chown" code, where you have to tell it to set a group,
explicitly (so that it will look up the group, not the user,
for a non-numeric ID, and set the high bit when stuffing it
in the chown id field).

Note that this change is really necessary in the user space
code anyway: even if you make the UID and GID numeric values
not intersect, there is still the possibility of a group and
user having the same name, so a set-by-name needs a separate
flag (think "chown bin.bin foo", for example).

The benefits in not having to grovel through the FS contents,
or do more complex ID space transformations, and the moving
of the majority of changes to user space, combined with the
fact that if you turn it off, the ownership doesn't need to be
reverted, are all plusses.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
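
A sketch of the sign-bit tagging suggested in the message above, added here as an example; it is not code from the PR or from the poster. It assumes 32-bit IDs and that a group-owned file treats members of that group as its owner; every name in it is hypothetical, and a plain variable stands in for the sysctl.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical names throughout; 32-bit IDs are an assumption. */
#define OWNER_IS_GROUP 0x80000000u      /* the "stolen" sign bit */

/* Stand-in for the sysctl: nonzero means the bit is interpreted. */
static int shared_idspace_active = 0;

/* What chown would do once told explicitly "this ID names a group"
 * (names can collide, so the caller passes the flag, not a guess).
 * Returns 0 and stores the tagged field, or -1 if it cannot be stored. */
int encode_owner(uint32_t id, int is_group, uint32_t *field)
{
    if (shared_idspace_active && (id & OWNER_IS_GROUP))
        return -1;              /* ID would collide with the tag bit */
    if (is_group && !shared_idspace_active)
        return -1;              /* group owners need the sysctl on */
    *field = is_group ? (id | OWNER_IS_GROUP) : id;
    return 0;
}

static int in_groups(uint32_t gid, const uint32_t *groups, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (groups[i] == gid)
            return 1;
    return 0;
}

/* Owner check: the first branch is the added, high-bit-conditional test.
 * With the sysctl off, a tagged field is compared as an ordinary (large)
 * uid, so nothing on disk has to be converted back. */
int is_owner(uint32_t field, uint32_t cr_uid,
             const uint32_t *cr_groups, size_t ngroups)
{
    if (shared_idspace_active && (field & OWNER_IS_GROUP))
        return in_groups(field & ~OWNER_IS_GROUP, cr_groups, ngroups);
    return field == cr_uid;     /* unchanged legacy comparison */
}
```

In this sketch a field tagged while the sysctl was on stops granting ownership to group members once it is switched off, and instead matches only a uid with the same 32-bit value.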