New version of capabilities patch online, some more status

Robert Watson rwatson at FreeBSD.org
Thu Apr 27 02:51:10 GMT 2000


I've placed a new version of the least privilege POSIX.1e capabilities
online, which addresses a number of issues:

o Numerous userland compile bugs fixed based on ucred.h requiring
  capability.h.
o Support for capabilities overriding file system permissions, which
  required seriously restructuring ufs_access and associated routines
o Restructure signal and debugging permission checks
o Modify suser() to not set the ASU flag, as auditing of use of privilege
  should reflect real use, not a successful authorization check
  (introduced suser_used(), but not all suser calls updated to indicate
  privilege yet)
o Countless other changes

I'm currently working on backing capabilities into the file system, and
hope to have a prototype of that done by the end of this weekend (I'm
currently traveling and figured I'd push this out the door as development
is slowed for the duration of my trip).

On other topics:
o Currently working on ideas relating to defining a TCB based on the
  suggestions and commentary on the list, in particular thanks to the SGI
  folk for their online Trusted IRIX documentation.
o I'm currently part way through work on a new authorization
  infrastructure, and hope to get some design notes online for commentary
  shortly.
o There has been substantial interest in picking up on the auditing
  implementation that I left off a year or so ago, and that SRI appears to
  have dropped the ball on.  Hopefully we can get some design discussion
  going on this topic shortly, as the various developers who have
  expressed interest come up to speed.

I'm very enthusiastic about the discussions of application-level support
for mandatory access control interfaces, and with X-Windows which sits
somewhere in between the system and user space.  I don't have much to
bring to such a discussion, but think this would be an extremely useful
direction to turn our attention to.  I guess the first thing that comes to
mind is deciding in what ways X-Windows would benefit from being aware of
operating system policies (primarily MAC labels and policy), and what
implications this has from a user interface and application development
perspective.

  Robert N M Watson 

robert at fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
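The two points above about capabilities overriding file system permissions and about suser_used() recording real use of privilege rather than a passed check combine naturally. The following is an added illustration, not code from the patch or from FreeBSD: a hypothetical, simplified access check (struct names, CAP_DAC_OVERRIDE and the helper functions are all constructed) that consults discretionary mode bits first and touches the privilege-used flag only when the capability actually decides the outcome.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not FreeBSD's ufs_access: a credential carries a
 * uid/gid, a capability bit set and an "actually used privilege" flag. */
#define CAP_DAC_OVERRIDE 0x1u   /* hypothetical capability bit */

struct cred  { unsigned uid, gid, caps; bool priv_used; };
struct inode { unsigned uid, gid, mode; };   /* mode: rwxrwxrwx bits */

/* Ordinary discretionary check: owner, then group, then other bits. */
static bool dac_allows(const struct inode *ip, const struct cred *cr, unsigned want)
{
    unsigned bits = ip->mode;
    if (cr->uid == ip->uid)      bits >>= 6;
    else if (cr->gid == ip->gid) bits >>= 3;
    return (bits & want) == want;
}

/* Capability check in the spirit of suser_used(): the privilege-used flag
 * is set only when the capability is present and is the deciding factor. */
static bool cap_used(struct cred *cr, unsigned cap)
{
    if ((cr->caps & cap) == 0)
        return false;
    cr->priv_used = true;
    return true;
}

/* DAC first; fall back to the capability only when DAC denies, so a capable
 * process that already had ordinary access is not audited as using privilege.
 * Returns 0 on success, -1 on denial. */
int access_check(struct inode *ip, struct cred *cr, unsigned want)
{
    if (dac_allows(ip, cr, want))
        return 0;
    return cap_used(cr, CAP_DAC_OVERRIDE) ? 0 : -1;
}

/* Wrapper for demonstration: 0 = denied, 1 = allowed by DAC, 2 = allowed by privilege. */
int decide(unsigned uid, unsigned gid, unsigned caps,
           unsigned fuid, unsigned fgid, unsigned mode, unsigned want)
{
    struct cred cr = { uid, gid, caps, false };
    struct inode ip = { fuid, fgid, mode };
    if (access_check(&ip, &cr, want) != 0)
        return 0;
    return cr.priv_used ? 2 : 1;
}
```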
