New version of capabilities patch online, some more status
Robert Watson
rwatson at FreeBSD.org
Thu Apr 27 02:51:10 GMT 2000
I've placed a new version of the least privilege POSIX.1e capabilities
online, which addresses a number of issues:
o Numerous userland compile bugs fixed based on ucred.h requiring
capability.h.
o Support for capabilities overriding file system permissions, which
required seriously restructuring ufs_access and associated routines.
o Restructure signal and debugging permission checks.
o Modify suser() to not set the ASU flag, as auditing of use of privilege
should reflect real use, not a successful authorization check
(introduced suser_used(), but not all suser calls updated to indicate
privilege yet)
o Countless other changes.
I'm currently working on backing capabilities into the file system, and
hope to have a prototype of that done by the end of this weekend (I'm
currently traveling and figured I'd push this out the door as development
is slowed for the duration of my trip).
On other topics:
o Currently working on ideas relating to defining a TCB based on the
suggestions and commentary on the list, in particular thanks to the SGI
folk for their online Trusted IRIX documentation.
o I'm currently part way through work on a new authorization
infrastructure, and hope to get some design notes online for commentary
shortly.
o There has been substantial interest in picking up on the auditing
implementation that I left off a year or so ago, and that SRI appears to
have dropped the ball on. Hopefully we can get some design discussion
going on this topic shortly, as the various developers who have
expressed interest come up to speed.
I'm very enthusiastic about the discussions of application-level support
for mandatory access control interfaces, and with X-Windows, which sits
somewhere in between the system and user space. I don't have much to
bring to such a discussion, but think this would be an extremely useful
direction to turn our attention to. I guess the first thing that comes to
mind is deciding in what ways X-Windows would benefit from being aware of
operating system policies (primarily MAC labels and policy), and what
implications this has from a user interface and application development
perspective.
Robert N M Watson
robert at fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services