Subject: Re: How kauth can make meaningful decisions about passthru ioctls
To: Elad Efrat <elad@NetBSD.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 11/30/2006 04:55:13

On Tue, Nov 28, 2006 at 02:34:49AM +0200, Elad Efrat wrote:
> Thor Lancelot Simon wrote:
>
> > These could also be bits in a word, for more flexibility in describing
> > commands. I'm not sure if this is better, but it would make determining
> > what the "worst possible" is much easier!
> >
> > Opinions?
>
> this is very easy; reach consensus and I'll do it.

I think bits in a word (READ, WRITE, READCONF, WRITECONF) is the right
way (and it lets us add more bits later as we discover they're
necessary); what we are trying to model, after all, is device capabilities.
I am not sure I have the right set of capabilities outlined above but it
seems like a good start.

Thor
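
The bits-in-a-word scheme discussed in this message, as an added example that is not part of the original thread and is not NetBSD or kauth code. The `PT_*` names, the `pt_classify`/`pt_authorize` functions, and the use of SCSI opcodes as the passthru commands are assumptions made for illustration; the per-command classification is a constructed sample. An unrecognized command is treated as needing every bit, which is the "worst possible" case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical capability bits, named after the four in the message. */
#define PT_READ      0x01u  /* reads data from the device */
#define PT_WRITE     0x02u  /* writes data to the device */
#define PT_READCONF  0x04u  /* reads device configuration */
#define PT_WRITECONF 0x08u  /* changes device configuration */
/* "Worst possible": OR of every bit; new bits are added here too. */
#define PT_WORST (PT_READ | PT_WRITE | PT_READCONF | PT_WRITECONF)

struct pt_cmd { uint8_t opcode; uint32_t caps; };

/* Constructed sample table: how a driver might classify a few SCSI
 * opcodes. The classifications are illustrative, not authoritative. */
static const struct pt_cmd pt_table[] = {
    { 0x12, PT_READCONF },             /* INQUIRY */
    { 0x1a, PT_READCONF },             /* MODE SENSE(6) */
    { 0x28, PT_READ },                 /* READ(10) */
    { 0x2a, PT_WRITE },                /* WRITE(10) */
    { 0x15, PT_WRITECONF },            /* MODE SELECT(6) */
    { 0x04, PT_WRITE | PT_WRITECONF }, /* FORMAT UNIT */
};

/* Capability word a command needs; unknown commands get PT_WORST. */
uint32_t pt_classify(uint8_t opcode)
{
    for (size_t i = 0; i < sizeof(pt_table) / sizeof(pt_table[0]); i++)
        if (pt_table[i].opcode == opcode)
            return pt_table[i].caps;
    return PT_WORST;
}

/* Allow only if every bit the command needs is in the granted word. */
int pt_authorize(uint32_t granted, uint8_t opcode)
{
    return (pt_classify(opcode) & ~granted) == 0;
}

int main(void)
{
    uint32_t readonly = PT_READ | PT_READCONF; /* constructed policy */
    printf("READ(10):    %d\n", pt_authorize(readonly, 0x28));
    printf("WRITE(10):   %d\n", pt_authorize(readonly, 0x2a));
    printf("unknown 0xff: %d\n", pt_authorize(readonly, 0xff));
    return 0;
}
```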