tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]



As a quick "proof of concept" for generic ACLs (i.e., no file-system
support is required), I've implemented ACLs on top of kauth(9)'s
future "vnode" scope, fileassoc(9), and proplib. It's unfit for
production use as it is -- you might notice there aren't too many
"frees" in the code and that it's very bare bones -- but I'm posting
it anyway to get an opinion from people and see if anyone's even
interested in something like that in NetBSD, and perhaps others have
features they'd like to see implemented.

Most of it (secmodel part, module makefile, userland program) can be found at

(see the README file in the archive.)

Note that the vnode scope implementation is (obviously) not present,
but should be trivial to add.

For those interested in just a quick demonstration of it working, a
really short session is at



Home | Main Index | Thread Index | Old Index