Subject: Re: Death of the 'stackgap', systrace
To: David Laight <david@l8s.co.uk>
From: Adam Hamsik <haaaad@gmail.com>
List: tech-kern
Date: 07/15/2007 14:44:44
On Jul 14, 2007, at 9:24 PM, David Laight wrote:
> On Fri, Jul 13, 2007 at 09:36:52PM -0700, Erik Berls wrote:
>> Do we have anything else that maps its functionality? I'd hate to lose it,
>> not that I have time to maintain it.
>
> Some of the functionality could be implemented by giving each lwp a
> bit-mask of permissions - each one being like a small part of being root.
> So in the simplest scheme they are all set for uid 0, and all clear for
> all other processes.
>
> Then it is a SMOP to give additional permissions to a given process, or
> for a suid root program to relinquish everything except the specific one
> it needs.
>
> In practise I suspect that 'normal' processes would have some permissions
> (eg the ability to see all of /proc), and that the system would have some
> global masks that would restrict active permissions and the inheriting
> of them.
>
We should use kauth(9) for this, if we want to keep it as the
authorization framework in our kernel.
> There is 'prior art' in this area, but I suspect the implementation
> should not be copied.
>
> David
>
> --
> David Laight: david@l8s.co.uk
Regards
-----------------------------------------
Adam Hamsik
jabber: haad@jabber.org
icq: 249727910
Proud NetBSD user.
We program to have fun.
Even when we program for money, we want to have fun as well.
~ Yukihiro Matsumoto
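
Added example, not part of the original message and not NetBSD or kauth(9) code: a user-space C model of the per-lwp permission bit-mask scheme described in the quoted text above (all set for uid 0, relinquishing all but one bit, global masks on active and inherited permissions). All names (`lwp_model`, `PERM_*`, the two global masks) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical permission bits: each is "a small part of being root". */
enum {
    PERM_BIND_LOW  = 1u << 0,  /* bind to ports below 1024 */
    PERM_SEE_PROCS = 1u << 1,  /* see all of /proc */
    PERM_MOUNT     = 1u << 2,  /* mount filesystems */
    PERM_ALL       = (1u << 3) - 1
};

/* System-wide masks (assumed names): cap what is active and what is inherited. */
static uint32_t global_active_mask  = PERM_ALL;
static uint32_t global_inherit_mask = PERM_ALL;

struct lwp_model { unsigned uid; uint32_t perms; };

/* Simplest scheme: all bits set for uid 0, all clear for everyone else. */
static struct lwp_model lwp_create(unsigned uid) {
    struct lwp_model l = { uid, uid == 0 ? PERM_ALL : 0 };
    return l;
}

/* Authorization check: the bit must be held AND allowed by the global mask. */
static int lwp_allowed(const struct lwp_model *l, uint32_t perm) {
    return (l->perms & global_active_mask & perm) == perm;
}

/* A set-uid root program relinquishes everything except what it needs. */
static void lwp_keep_only(struct lwp_model *l, uint32_t keep) {
    l->perms &= keep;   /* can only clear bits, never gain them */
}

/* Child inherits the parent's bits, filtered by the global inherit mask. */
static struct lwp_model lwp_fork(const struct lwp_model *parent) {
    struct lwp_model c = { parent->uid, parent->perms & global_inherit_mask };
    return c;
}

int main(void) {
    struct lwp_model d = lwp_create(0);   /* constructed sample: a root daemon */
    lwp_keep_only(&d, PERM_BIND_LOW);
    printf("bind=%d mount=%d\n",
           lwp_allowed(&d, PERM_BIND_LOW), lwp_allowed(&d, PERM_MOUNT));
    return 0;
}
```
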