Privilege level for $ extended attributes? Re: Extended attribute interfaces
Robert Watson
rwatson at FreeBSD.org
Tue Jul 11 13:33:18 GMT 2000
Andreas,
With my current model for security (per-attribute per-fs), I assign read
and write privileges based on one of {kernel,root,owner,anyone}. In your
model for application attributes, my understanding is that writing to a
user namespace attribute requires write access to the inode itself (i.e.,
read or write access from the permission mask). This makes a lot of sense
to me for all the reasons we have discussed. However, I was wondering
what model you were using to permit access to system attributes? In a
post-root world, a uid0 check is not sufficient as uid0 should not connote
privilege. Possibilities that come to mind include a new or existing
capability, but I was wondering how you had addressed this, and if you had
any thoughts on an appropriate solution here?
Robert N M Watson
robert at fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message
More information about the posix1e
mailing list