Re: Ideas for v2.1

Albert Cahalan (albert@ccs.neu.edu)
Wed, 26 Jun 1996 13:55:25 -0400 (EDT)


From: Marc Unangst <mju@cs.cmu.edu>
> I'm concerned about doing access control. I want to prevent
> unauthorized users from making network connections to certain
> addresses or ports, while still allowing access to other services.
...
> This type of control really has to be implemented in the kernel,
> since otherwise it can be broken if the user writes their own
> program to make the appropriate system calls, or uploads their
> own FTP/telnet client.

You need a way to keep someone from setting the execute bits.
Every permission change should be checked against a mask,
which you might set to limit permissions to 0640.
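
The mask check suggested in this message, modelled in user space as an added example (not code from the original post or from any kernel). The names `perm_mask_check`, `masked_chmod`, `demo` and `POLICY_MASK` are hypothetical, and the temporary file is constructed only for the self-test.

```c
/* Added example: user-space model of a masked permission-change check. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define PERM_BITS   07777u  /* rwx for user/group/other + setuid/setgid/sticky */
#define POLICY_MASK 0640u   /* the example mask from the message */

/* Hypothetical policy check: 0 if every requested bit lies inside the mask. */
int perm_mask_check(mode_t requested, mode_t mask)
{
    return ((requested & PERM_BITS) & ~mask) ? -EPERM : 0;
}

/* Hypothetical wrapper standing in for a kernel-side check on chmod(2). */
int masked_chmod(const char *path, mode_t requested, mode_t mask)
{
    if (perm_mask_check(requested, mask) != 0) {
        errno = EPERM;
        return -1;
    }
    return chmod(path, requested & PERM_BITS);
}

/* Constructed self-test on a temp file; returns 0 when behaviour matches. */
int demo(void)
{
    char path[] = "/tmp/maskdemoXXXXXX";
    struct stat st;
    int ok, fd = mkstemp(path);      /* mkstemp creates the file as 0600 */
    if (fd < 0)
        return -1;
    close(fd);
    ok = masked_chmod(path, 0750, POLICY_MASK) == -1 && errno == EPERM /* +x denied */
      && masked_chmod(path, 04640, POLICY_MASK) == -1          /* setuid denied */
      && masked_chmod(path, 0640, POLICY_MASK) == 0            /* within mask */
      && stat(path, &st) == 0 && (st.st_mode & PERM_BITS) == 0640;
    unlink(path);
    return ok ? 0 : 1;
}

int main(void)
{
    printf("demo: %s\n", demo() == 0 ? "policy enforced" : "unexpected result");
    return 0;
}
```

A real implementation would also have to apply the same check to the mode argument of open(2), creat(2) and mkdir(2), since a file can be created with execute bits already set. The umask does not enforce this, because the process can change its own umask.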