> right now the bsd security model is almost non-existant. we're lacking
> file-system acls, we're lacking per-process capabilities and we could
> also do user roles. but we have to start somewhere.

Perhaps the first thing we could start with is the ps command.
Modify it so a user can only see his own processes and root being
able to see all of them. Should be implementable without breaking
everything :)

> step-by-step move: first, we'll do the underlying work that will allow
> us to implement finer-grained interfaces on top. this is what has been
> discussed in this thread (if it wasn't clear) as well as my other work
> on darwin-style kernel authorization.

Do you think we should do small changes and prepare something
bigger like ACL implementation for later ?

There are some interesting stuff in FreeBSD we could use. It's
code, under BSD licence and it would be a good start rather than
starting from a blank page.

My knowledge of ACL is close to NULL so I won't be able to help a
lot there :/

--
unzip ; strip ; touch ; grep ; find ; finger ; mount ; fsck ; more ; yes ;
fsck ; umount ; sleep