Subject: Re: Security Changes to NetBSD.
To: Darren Reed <firstname.lastname@example.org>
From: Simon Burge <email@example.com>
Date: 11/17/1997 21:49:31
On Mon, 17 Nov 1997 19:35:39 +1100 (EST) Darren Reed wrote:
> An example of what came to mind was some sort of trap back to a user
> program which checked the request against a configuration file. An
> example would be you do "cd /home/web", it looks in its config file
> which has something like "chdir user=!web /,!/home/web" and returns
> saying "no, don't allow that chdir" - even if it is mode 777!
What about something like ACLs? For the simpler cases, they'd be a more
lightweight than a full blown external check. (I know this is specific
to file access, and you're talking about something a lot more general,
but ACLs can come in handy.)