PERFORCE change 134744 for review
Robert Watson
rwatson at FreeBSD.org
Sun Feb 3 13:35:03 PST 2008
http://perforce.freebsd.org/chv.cgi?CH=134744
Change 134744 by rwatson at rwatson_freebsd_capabilities on 2008/02/03 21:34:40
Update TODO list: a few things are done, but more needs doing.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/TODO#2 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/TODO#2 (text+ko) ====
@@ -5,22 +5,17 @@
High-level TODO list:
-- New file descriptor type "capability" that allows restricting the rights
- associated with more general file descriptor rights. cap_new(2) creates
- a capability from an existing file descriptor and requested rights mask.
-
-- New execution mode "capability mode", in which access to objects is done
- [almost] entirely through file descriptors or capabilities. cap_enter()
- enters this mode.
-
-- Implement fexec(2), so that new programs can be launched in capability
- mode.
-
- Implement capfs(3), a library service to provide subsetted file access to
a capability mode process, such as read capabilities on certain global or
user databases, libraries, etc, with a POSIX interface within the
capability mode process.
+- Implement scoping for pid-based system calls, tracking a new "inheritence"
+ relationship to authorize such calls. Unclear what the most efficient way
+ to do this is, but it only matters for processes actually in capability
+ mode so won't affect general performance, just capability mode performance
+ until optimizations are found.
+
- man pages for system calls
- ... bigger and better things ...
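Review bot: "inheritence" in the added item (`+- Implement scoping for pid-based system calls, tracking a new "inheritence"`) should read "inheritance". Also, the three completed items (the capability descriptor type with cap_new(2), capability mode with cap_enter(), and fexec(2)) are deleted outright rather than moved aside, so the TODO no longer records what the capability-mode design already provides; consider keeping them under a "Done:" heading so the file doubles as a status summary. The new item leaves the mechanism open ("Unclear what the most efficient way to do this is, but it only matters for processes actually in capability mode"); naming the candidate approaches considered for the inheritance relationship would make the entry more useful to whoever picks it up.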