ACLs

To: tech-kern%netbsd.org@localhost, tech-security%netbsd.org@localhost
Subject: ACLs
From: Elad Efrat <elad%NetBSD.org@localhost>
Date: Sat, 27 Jun 2009 20:50:04 +0300

Hi,

As a quick "proof of concept" for generic ACLs (i.e., no file-system
support is required), I've implemented ACLs on top of kauth(9)'s
future "vnode" scope, fileassoc(9), and proplib. It's unfit for
production use as it is -- you might notice there aren't too many
"frees" in the code and that it's very bare bones -- but I'm posting
it anyway to get an opinion from people and see if anyone's even
interested in something like that in NetBSD, and perhaps others have
features they'd like to see implemented.

Most of it (secmodel part, module makefile, userland program) can be found at

    http://www.NetBSD.org/~elad/acl/acl-dist.tar.gz

(see the README file in the archive.)

Note that the vnode scope implementation is (obviously) not present,
but should be trivial to add.

For those interested in just a quick demonstration of it working, a
really short session is at

    http://www.NetBSD.org/~elad/acl/acl.demo

Thanks,

-e.

Follow-Ups:
- Re: ACLs
  - From: Adam Hamsik

Prev by Date: Changing the NetBSD Security Officer PGP key
Next by Date: Re: ACLs
Previous by Thread: Changing the NetBSD Security Officer PGP key
Next by Thread: Re: ACLs
Indexes:

Home | Main Index | Thread Index | Old Index