Difference between revisions of "Tom"
Tom Golubev (Talk | contribs) (New page: Nomenclature: scall = system call, the user space part of it; in the library kcall = call that the scall makes, that will actually encrypt stuff (kernel space) uspace = user space applicat...) |
Revision as of 03:56, 5 June 2009
Nomenclature:
scall = system call, the user space part of it; in the library
kcall = call that the scall makes, that will actually encrypt stuff (kernel space)
uspace = user space application (protectfile)
Issues:
Do we check for root in the scall? We should; the kernel shouldn't have to check for that.
The buffer is allocated in the scall. The scall makes a kcall and passes a pointer to its buffer; the kcall encrypts it and returns.
You don't need to be root: any user can set their own key and e / d (encrypt / decrypt) their own files.
Max 8 users as per design.
What about user privileges? Users shouldn't have access to e / d if they don't have rights to a file.
Task 1: Implement setkey(unsigned int k0, unsigned int k1) syscall
save for up to 8 users
hash on UID -> how?
If both k0, k1 == 0, disable encryption: reset key to 0
Can use a struct with a key, uid, and valid bit. Make an array of them, search through it on every attempt, and find a free spot after the fact. Maybe inefficient.
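A user-space model of the key table sketched in Task 1, added here as an example and not taken from the project's code: an array of 8 slots (key, uid, valid bit) searched linearly instead of hashed. The names key_slot, model_setkey and model_getkey are hypothetical, and the model assumes the uid is the one the kernel records for the calling process, never a value the caller passes in.

```c
#include <stddef.h>

#define MAX_KEY_USERS 8   /* "max 8 users as per design" */

/* One slot per user: both key halves, owning uid, valid bit (hypothetical layout). */
struct key_slot {
    unsigned int k0, k1;
    unsigned int uid;
    int valid;
};

static struct key_slot key_table[MAX_KEY_USERS];

/* Linear search for uid's slot; also reports the first free slot seen. */
static struct key_slot *find_slot(unsigned int uid, struct key_slot **free_out)
{
    struct key_slot *free_slot = NULL;
    for (size_t i = 0; i < MAX_KEY_USERS; i++) {
        struct key_slot *s = &key_table[i];
        if (s->valid && s->uid == uid) { *free_out = NULL; return s; }
        if (!s->valid && free_slot == NULL) free_slot = s;
    }
    *free_out = free_slot;
    return NULL;
}

/* Model of setkey(k0, k1) for the caller `uid` (assumed to come from the
 * kernel's process table). Returns 0 on success, -1 when all slots are taken. */
int model_setkey(unsigned int uid, unsigned int k0, unsigned int k1)
{
    struct key_slot *free_slot;
    struct key_slot *s = find_slot(uid, &free_slot);

    if (k0 == 0 && k1 == 0) {          /* disable: wipe the key, release the slot */
        if (s) { s->k0 = s->k1 = 0; s->uid = 0; s->valid = 0; }
        return 0;
    }
    if (s == NULL) s = free_slot;      /* first key for this uid */
    if (s == NULL) return -1;          /* ninth user: refuse rather than evict */
    s->uid = uid; s->k0 = k0; s->k1 = k1; s->valid = 1;
    return 0;
}

/* Lookup for the encrypt/decrypt path: 1 and the key if uid has one, else 0. */
int model_getkey(unsigned int uid, unsigned int *k0, unsigned int *k1)
{
    struct key_slot *unused;
    struct key_slot *s = find_slot(uid, &unused);
    if (s == NULL) return 0;
    *k0 = s->k0; *k1 = s->k1;
    return 1;
}
```

Refusing the ninth user instead of evicting a slot keeps one user from silently disabling another user's key.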
Task 2: Enable sticky bit (S_ISVTX)
modify the ALL_MODES constant in minix/const.h to be 0007777
Task 3: uspace utility protectfile
Set the sticky bit appropriately using the chmod scall.
e / d should be done with the sticky bit off to ensure that no e / d is done automatically by the file system.
Need to obtain file ID with stat() syscall