In some mail from Darren Reed, sie said:
> sigh...the < 1024 port thing keeps coming up. I will try and dig up the
> hacks I did to portalfs to provide acl's for listen sockets.
> no stupid extended permissions checks in kernels necessary.
well, I dug it up, and it's not really pretty, but it does prove it is
possible. the way I set it up to work was to read in the directory
structure prior to mount_portal taking it over and then use the file
perms in that for access control.
this was just an experiment.
a better way to do it is to have a separate configuration file for the
perms. so that you can edit those whilst mount_portal is still running.
I thought I'd had a go at that, but I don't see the code anywhere just
now so I'll assume it's not going to be easily found.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message