ACL support.

From: pelletierma@netscape.net
Date: Tue Mar 05 2002 - 15:32:52 EST

Next message: Alexander Viro: "Re: Monolithic Vs. Microkernel"
Previous message: Pavel Machek: "Re: Monolithic Vs. Microkernel"
Next in thread: Andreas Dilger: "Re: ACL support."
Reply: Andreas Dilger: "Re: ACL support."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

I've given a swing at ACL support for the linux kernel. Kernel patches and userland support is avaliable for review at

http://sourceforge.net/projects/linux-acl/

I'm looking for complaints, praise, suggestions, and bug reports. :-) Since I'm unfamiliar with non-i386 entry.S, I've not yet added the system calls to other architectures, though. Sorry.

I'm on a slow link, so I can't subscribe to the mailing list and remain sane simultaneously. Please cc: comments to me; or post on the sourceforge project forums.

If you people think this is a Bad Idea(tm) to begin with, just tell me. :-)

-- Marc A. Pelletier

-- Original annoucement follows --

Initial release of Linux ACL support.

Somethings to dig your security teeth into: ACL support for the Linux kernel.

Access Control Lists allow fine grained access control to filesystem objects, by attaching a list of permissions to grant or deny specific capabilities to users or groups.
This implementation of ACL for the Linux kernel provides semantics that are almost totally compatible with the traditional POSIX umode model for applications that are unaware of the kernel support.

Features include the ability to set rights for fine grained operation on filesystem objects (such as separate write/truncate/append permissions) to an arbitary number of users or groups; and the ability to "offer" a file for chown()ing by another user.

Currently, using the package requires patching and recompiling your kernel, and installing tools to use the new features, thus requiring some kernel-fu savvy.

Once development has reached a stable, reliable state and has been well tested, the kernel patch aspect will be submitted for inclusion in the main kernel sources.

Testers are welcome, and peer review of the security aspects of the code are welcome, and desired.

__________________________________________________________________ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/

Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Alexander Viro: "Re: Monolithic Vs. Microkernel"
Previous message: Pavel Machek: "Re: Monolithic Vs. Microkernel"
Next in thread: Andreas Dilger: "Re: ACL support."
Reply: Andreas Dilger: "Re: ACL support."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Mar 07 2002 - 21:00:47 EST