>> You'd have to do a search through the fairly large group set each time you
>> wanted to check for the capability. Even if we did implement the gid method
>> externally, I still think that the kernel internal representation would be
>> best handled by a privilege mask.
>
>I can see this reasoning for most privileges... but not for the port
>ones. Hmm... how about a specific permission for PRIV_TCP, granted to
>any process with a group between x+1 and x+1023, with the port access
>granted being port=(group-x)? The same would be for PRIV_UDP. This
>would admittedly necessitate a group set scan for the group
>corresponding to the requested port. ucred seems to be a logical place
>to put a privilege mask.

I'll resist any scheme that ties specific privileges to specific gids. To
me it seems too kludgy and I also suspect that most FreeBSD admins will be
quite unhappy about us hijacking a large block of gids for our special
purposes.

>P.S. You were mentioning VAXen before; as it happens, I've been a user
>on those. Their privilege scheme is something I've had in mind
>also.

Prior to BSD, I operated a two-machine VAX/VMS cluster for about 5 years
in my home datacenter (a facility that is next to my home office). :-)

-DG
David Greenman
Co-founder/Principal Architect, The FreeBSD Project
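
The two checks discussed in this thread, side by side, as an added example that is not part of the original message and not FreeBSD code. The structure, the privilege bits and the base gid "x" (20000 here) are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names and values below are hypothetical, not FreeBSD's. */
#define DEMO_NGROUPS  16         /* assumed group set size */
#define DEMO_GID_BASE 20000u     /* the "x" in the proposal; constructed value */
#define DEMO_PRIV_TCP (1u << 0)  /* made-up privilege bits */
#define DEMO_PRIV_UDP (1u << 1)

struct demo_cred {               /* stand-in for a ucred-like structure */
    uint32_t priv_mask;
    size_t   ngroups;
    uint32_t groups[DEMO_NGROUPS];
};

/* Mask check: one AND, constant time, but one bit cannot say which port. */
static int mask_has_priv(const struct demo_cred *cr, uint32_t priv)
{
    return (cr->priv_mask & priv) == priv;
}

/* gid check: port p (1..1023) is allowed if gid x+p is in the group set.
 * Per-port granularity, at the cost of a linear scan on every check and
 * of reserving gids x+1..x+1023. */
static int gid_may_bind(const struct demo_cred *cr, unsigned port)
{
    if (port < 1 || port > 1023)
        return 0;
    for (size_t i = 0; i < cr->ngroups && i < DEMO_NGROUPS; i++)
        if (cr->groups[i] == DEMO_GID_BASE + port)
            return 1;
    return 0;
}

/* Constructed sample: PRIV_TCP in the mask, gid x+25 in the group set. */
static struct demo_cred demo_sample_cred(void)
{
    struct demo_cred cr = { DEMO_PRIV_TCP, 3, { 0, 5, DEMO_GID_BASE + 25 } };
    return cr;
}

int main(void)
{
    struct demo_cred cr = demo_sample_cred();
    printf("mask TCP=%d UDP=%d\n", mask_has_priv(&cr, DEMO_PRIV_TCP),
           mask_has_priv(&cr, DEMO_PRIV_UDP));
    printf("gid port25=%d port80=%d\n", gid_may_bind(&cr, 25), gid_may_bind(&cr, 80));
    return 0;
}
```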