[791] in linux-security and linux-alert archive
Re: [linux-security] standard users,groups,perms?
daemon@ATHENA.MIT.EDU (Rogier Wolff)
Wed Jun 12 18:59:45 1996
To: root@kbs.net
Date: Wed, 12 Jun 1996 09:37:16 +0200 (METDST)
Cc: R.E.Wolff@et.tudelft.nl, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.93.960611233311.26953A-100000@kbs.net> from "Sanjay Kapur" at Jun 11, 96 11:44:28 pm
From: R.E.Wolff@et.tudelft.nl (Rogier Wolff)
X-Return-Receipt-To: wolff@erasmus.et.tudelft.nl
>
> On Tue, 11 Jun 1996, Rogier Wolff wrote:
>
> >
> > To do this, every uid should get
> > a bitvector of privileges. Every "suser()" call in the
> > kernel should get mapped to one of the bits. The default
> > setup sets all of these bits to "enabled" for "root" and
> > "disabled" for all other users.
>
> VMS, Secure VMS etc. have this and it is very well documented. Another
> thing that higher level security requires is Access Control Lists (ACLs)
> rather than the very simplistic user/group/world security model of Unix.
Agreed. Is Remi Card on this list? We should try to push him to
implement ACLs finally... (Or was I at the north pole while it was
implemented :-)
[Mod: Remy's not on this list (that I know of, though he might be on it
via a secondary exploder), but he is working in this direction. See
linux.nrao.edu:/pub/linux/packages/ext2fs/slides/berlin96/acl-*
(mirrored from tsx-11) for a brief outline of his current ACL work.
--Jeff.]
> Security is not a question of technology or using a string "root" to log
> on but a frame of mind and a set of procedures. Large systems security
> policies, although nice, just do not apply to single user systems. If it
> did, Bill Gates would not be worth $17 billion selling over 60
> million copies of Windows and MSDOS every year.
Aha! Yes, agreed. As Domain/OS users will know, ACLs are a superset of
the old-fashioned user/group/others permission bits. I am suggesting
to implement the kernel level support for good security, not that I
want to push it onto every single Linux user. There are lots of
features that normal home-users won't use (firewalling for instance).
Roger.
--
** Q: What's the difference between MicroSoft Windows and a virus? **
** A: Apart from the fact that viruses install easier, none. **
** EMail: R.E.Wolff@et.tudelft.nl * Tel +31-15-2783643 or +31-15-2137459 **
*** <a href="http://einstein.et.tudelft.nl/~wolff/">my own homepage</a> ***
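
The per-uid privilege bitvector quoted at the top of this message, as an added example that is not part of the original posts and is not kernel code: a small userspace C model in which each former suser() call site tests one bit. The bit names, the table, and the functions priv_set() and suser_priv() are hypothetical, and uid 53 is a constructed sample value.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical bits: one per class of check that used to be suser(). */
#define PRIV_NET_BIND_LOW (1u << 0)  /* bind ports below 1024 */
#define PRIV_MOUNT        (1u << 1)  /* mount and unmount filesystems */
#define PRIV_SET_TIME     (1u << 2)  /* set the system clock */
#define PRIV_ALL          0xffffffffu
#define MAX_OVERRIDES     8

struct priv_entry { unsigned uid; uint32_t bits; };
static struct priv_entry overrides[MAX_OVERRIDES];
static size_t n_overrides;

/* Default setup from the post: every bit for root (uid 0), none otherwise. */
static uint32_t privs_of(unsigned uid)
{
    for (size_t i = 0; i < n_overrides; i++)
        if (overrides[i].uid == uid)
            return overrides[i].bits;
    return uid == 0 ? PRIV_ALL : 0;
}

/* Replace a uid's vector; -1 if the table is full (uid keeps its default). */
int priv_set(unsigned uid, uint32_t bits)
{
    for (size_t i = 0; i < n_overrides; i++)
        if (overrides[i].uid == uid) { overrides[i].bits = bits; return 0; }
    if (n_overrides == MAX_OVERRIDES)
        return -1;
    overrides[n_overrides].uid = uid;
    overrides[n_overrides++].bits = bits;
    return 0;
}

/* What a suser() call site becomes: test one named bit, not uid == 0. */
int suser_priv(unsigned uid, uint32_t need)
{
    return (privs_of(uid) & need) == need;
}

int main(void)
{
    priv_set(53, PRIV_NET_BIND_LOW);         /* constructed uid: a name server */
    priv_set(0, PRIV_ALL & ~PRIV_SET_TIME);  /* root can be restricted too */
    printf("uid 53 bind:%d mount:%d, root settime:%d\n", suser_priv(53, PRIV_NET_BIND_LOW),
           suser_priv(53, PRIV_MOUNT), suser_priv(0, PRIV_SET_TIME));
    return 0;
}
```
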