Subject: Re: Security Changes to NetBSD.
To: Darren Reed <>
From: Simon Burge <>
List: tech-security
Date: 11/17/1997 21:49:31
On Mon, 17 Nov 1997 19:35:39 +1100 (EST)  Darren Reed wrote:

> An example of what came to mind was some sort of trap back to a user
> program which checked the request against a configuration file.  An
> example would be you do "cd /home/web", it looks in its config file
> which has something like "chdir user=!web /,!/home/web" and returns
> saying "no, don't allow that chdir" - even if it is mode 777!

What about something like ACLs?  For the simpler cases, they'd be a more
lightweight than a full blown external check.  (I know this is specific
to file access, and you're talking about something a lot more general,
but ACLs can come in handy.)